diff -ruN skey-1.1.5.orig/CHANGES skey-1.1.5/CHANGES
--- skey-1.1.5.orig/CHANGES	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/CHANGES	2003-11-06 17:46:45.000000000 +0000
@@ -1,6 +1,19 @@
 *** Changes in version 1.1.5
 
 -  Bug fixes for errx/warnx
+(05/11/2003) taviso@gentoo.org
+	- ported some updates from the NetBSD project to Linux.
+	- removed a load of cast to voids.
+	- syntax changes.
+	- killing skeyaudit, using a shell script modified from NetBSD.
+	- cleanups to stop warnings with gcc.
+	- building a library for dynamic linking.
+	- swapping some str{cat,cpy} for strn{cat,cpy}
+	- killing rmd160 support.
+	- removing strlcpy function, not useful.
+	- quick hack for shadow support.
+	- quick hack for cracklib support.
+	- various other stuff.
 
 *** Changes in version 1.1.4
 
diff -ruN skey-1.1.5.orig/config.h.in skey-1.1.5/config.h.in
--- skey-1.1.5.orig/config.h.in	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/config.h.in	2003-11-06 17:46:45.000000000 +0000
@@ -109,6 +109,9 @@
 /* Define if you have the strtol function.  */
 #undef HAVE_STRTOL
 
+/* Define if you have the <crack.h> header file.  */
+#undef HAVE_CRACK_H
+
 /* Define if you have the <crypt.h> header file.  */
 #undef HAVE_CRYPT_H
 
@@ -130,12 +133,12 @@
 /* Define if you have the <md5global.h> header file.  */
 #undef HAVE_MD5GLOBAL_H
 
-/* Define if you have the <rmd160.h> header file.  */
-#undef HAVE_RMD160_H
-
 /* Define if you have the <sha1.h> header file.  */
 #undef HAVE_SHA1_H
 
+/* Define if you have the <shadow.h> header file.  */
+#undef HAVE_SHADOW_H
+
 /* Define if you have the <sys/cdefs.h> header file.  */
 #undef HAVE_SYS_CDEFS_H
 
diff -ruN skey-1.1.5.orig/configure skey-1.1.5/configure
--- skey-1.1.5.orig/configure	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/configure	2003-11-06 17:47:49.000000000 +0000
@@ -960,47 +960,11 @@
   echo "$ac_t""no" 1>&6
 fi
 
-# Extract the first word of "sendmail", so it can be a program name with args.
-set dummy sendmail; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:967: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_path_SENDMAIL'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  case "$SENDMAIL" in
-  /*)
-  ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a path.
-  ;;
-  ?:/*)			 
-  ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a dos path.
-  ;;
-  *)
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="$PATH:/usr/sbin:/usr/lib:/usr/bin"
-  for ac_dir in $ac_dummy; do 
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$ac_word; then
-      ac_cv_path_SENDMAIL="$ac_dir/$ac_word"
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
-  test -z "$ac_cv_path_SENDMAIL" && ac_cv_path_SENDMAIL="/usr/lib/sendmail"
-  ;;
-esac
-fi
-SENDMAIL="$ac_cv_path_SENDMAIL"
-if test -n "$SENDMAIL"; then
-  echo "$ac_t""$SENDMAIL" 1>&6
-else
-  echo "$ac_t""no" 1>&6
-fi
-
 
 
 
 echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
-echo "configure:1004: checking for crypt in -lcrypt" >&5
+echo "configure:968: checking for crypt in -lcrypt" >&5
 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1008,7 +972,7 @@
   ac_save_LIBS="$LIBS"
 LIBS="-lcrypt  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 1012 "configure"
+#line 976 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -1019,7 +983,7 @@
 crypt()
 ; return 0; }
 EOF
-if { (eval echo configure:1023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -1040,7 +1004,7 @@
 fi
 
 echo $ac_n "checking for flock in -lucb""... $ac_c" 1>&6
-echo "configure:1044: checking for flock in -lucb" >&5
+echo "configure:1008: checking for flock in -lucb" >&5
 ac_lib_var=`echo ucb'_'flock | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1048,7 +1012,7 @@
   ac_save_LIBS="$LIBS"
 LIBS="-lucb  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 1052 "configure"
+#line 1016 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -1059,7 +1023,7 @@
 flock()
 ; return 0; }
 EOF
-if { (eval echo configure:1063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -1079,10 +1043,50 @@
   echo "$ac_t""no" 1>&6
 fi
 
+echo $ac_n "checking for FascistCheck in -lcrack""... $ac_c" 1>&6
+echo "configure:1048: checking for FascistCheck in -lcrack" >&5
+ac_lib_var=`echo crack'_'FascistCheck | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lcrack  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 1056 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char FascistCheck();
+
+int main() {
+FascistCheck()
+; return 0; }
+EOF
+if { (eval echo configure:1067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lcrack"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
 
 
 echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:1086: checking how to run the C preprocessor" >&5
+echo "configure:1090: checking how to run the C preprocessor" >&5
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
   CPP=
@@ -1097,13 +1101,13 @@
   # On the NeXT, cc -E runs the code through the compiler's parser,
   # not just through cpp.
   cat > conftest.$ac_ext <<EOF
-#line 1101 "configure"
+#line 1105 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1107: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -1114,13 +1118,13 @@
   rm -rf conftest*
   CPP="${CC-cc} -E -traditional-cpp"
   cat > conftest.$ac_ext <<EOF
-#line 1118 "configure"
+#line 1122 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1124: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -1131,13 +1135,13 @@
   rm -rf conftest*
   CPP="${CC-cc} -nologo -E"
   cat > conftest.$ac_ext <<EOF
-#line 1135 "configure"
+#line 1139 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1141: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -1162,12 +1166,12 @@
 echo "$ac_t""$CPP" 1>&6
 
 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:1166: checking for ANSI C header files" >&5
+echo "configure:1170: checking for ANSI C header files" >&5
 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1171 "configure"
+#line 1175 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <stdarg.h>
@@ -1175,7 +1179,7 @@
 #include <float.h>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1179: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1183: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -1192,7 +1196,7 @@
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 1196 "configure"
+#line 1200 "configure"
 #include "confdefs.h"
 #include <string.h>
 EOF
@@ -1210,7 +1214,7 @@
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 1214 "configure"
+#line 1218 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 EOF
@@ -1231,7 +1235,7 @@
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 1235 "configure"
+#line 1239 "configure"
 #include "confdefs.h"
 #include <ctype.h>
 #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
@@ -1242,7 +1246,7 @@
 exit (0); }
 
 EOF
-if { (eval echo configure:1246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   :
 else
@@ -1266,12 +1270,12 @@
 fi
 
 echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
-echo "configure:1270: checking for sys/wait.h that is POSIX.1 compatible" >&5
+echo "configure:1274: checking for sys/wait.h that is POSIX.1 compatible" >&5
 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1275 "configure"
+#line 1279 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -1287,7 +1291,7 @@
 s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
 ; return 0; }
 EOF
-if { (eval echo configure:1291: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_header_sys_wait_h=yes
 else
@@ -1307,21 +1311,21 @@
 
 fi
 
-for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h
+for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1315: checking for $ac_hdr" >&5
+echo "configure:1319: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1320 "configure"
+#line 1324 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1329: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -1349,12 +1353,12 @@
 
 
 echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:1353: checking for working const" >&5
+echo "configure:1357: checking for working const" >&5
 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1358 "configure"
+#line 1362 "configure"
 #include "confdefs.h"
 
 int main() {
@@ -1403,7 +1407,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:1407: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1411: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_const=yes
 else
@@ -1424,14 +1428,14 @@
 fi
 
 echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
-echo "configure:1428: checking whether byte ordering is bigendian" >&5
+echo "configure:1432: checking whether byte ordering is bigendian" >&5
 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_cv_c_bigendian=unknown
 # See if sys/param.h defines the BYTE_ORDER macro.
 cat > conftest.$ac_ext <<EOF
-#line 1435 "configure"
+#line 1439 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1442,11 +1446,11 @@
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:1446: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1450: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   # It does; now see whether it defined to BIG_ENDIAN or not.
 cat > conftest.$ac_ext <<EOF
-#line 1450 "configure"
+#line 1454 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1457,7 +1461,7 @@
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:1461: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_bigendian=yes
 else
@@ -1477,7 +1481,7 @@
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 1481 "configure"
+#line 1485 "configure"
 #include "confdefs.h"
 main () {
   /* Are we little or big endian?  From Harbison&Steele.  */
@@ -1490,7 +1494,7 @@
   exit (u.c[sizeof (long) - 1] == 1);
 }
 EOF
-if { (eval echo configure:1494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1498: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_c_bigendian=no
 else
@@ -1514,12 +1518,12 @@
 fi
 
 echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
-echo "configure:1518: checking for uid_t in sys/types.h" >&5
+echo "configure:1522: checking for uid_t in sys/types.h" >&5
 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1523 "configure"
+#line 1527 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 EOF
@@ -1548,12 +1552,12 @@
 fi
 
 echo $ac_n "checking for off_t""... $ac_c" 1>&6
-echo "configure:1552: checking for off_t" >&5
+echo "configure:1556: checking for off_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1557 "configure"
+#line 1561 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1581,12 +1585,12 @@
 fi
 
 echo $ac_n "checking for size_t""... $ac_c" 1>&6
-echo "configure:1585: checking for size_t" >&5
+echo "configure:1589: checking for size_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1590 "configure"
+#line 1594 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1614,12 +1618,12 @@
 fi
 
 echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6
-echo "configure:1618: checking whether struct tm is in sys/time.h or time.h" >&5
+echo "configure:1622: checking whether struct tm is in sys/time.h or time.h" >&5
 if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1623 "configure"
+#line 1627 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <time.h>
@@ -1627,7 +1631,7 @@
 struct tm *tp; tp->tm_sec;
 ; return 0; }
 EOF
-if { (eval echo configure:1631: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1635: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_struct_tm=time.h
 else
@@ -1649,7 +1653,7 @@
 
 
 echo $ac_n "checking size of char""... $ac_c" 1>&6
-echo "configure:1653: checking size of char" >&5
+echo "configure:1657: checking size of char" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_char'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1657,7 +1661,7 @@
   ac_cv_sizeof_char=1
 else
   cat > conftest.$ac_ext <<EOF
-#line 1661 "configure"
+#line 1665 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1668,7 +1672,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_char=`cat conftestval`
 else
@@ -1688,7 +1692,7 @@
 
 
 echo $ac_n "checking size of short int""... $ac_c" 1>&6
-echo "configure:1692: checking size of short int" >&5
+echo "configure:1696: checking size of short int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_short_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1696,7 +1700,7 @@
   ac_cv_sizeof_short_int=2
 else
   cat > conftest.$ac_ext <<EOF
-#line 1700 "configure"
+#line 1704 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1707,7 +1711,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_short_int=`cat conftestval`
 else
@@ -1727,7 +1731,7 @@
 
 
 echo $ac_n "checking size of int""... $ac_c" 1>&6
-echo "configure:1731: checking size of int" >&5
+echo "configure:1735: checking size of int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1735,7 +1739,7 @@
   ac_cv_sizeof_int=4
 else
   cat > conftest.$ac_ext <<EOF
-#line 1739 "configure"
+#line 1743 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1746,7 +1750,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1754: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_int=`cat conftestval`
 else
@@ -1766,7 +1770,7 @@
 
 
 echo $ac_n "checking size of long int""... $ac_c" 1>&6
-echo "configure:1770: checking size of long int" >&5
+echo "configure:1774: checking size of long int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_long_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1774,7 +1778,7 @@
   ac_cv_sizeof_long_int=4
 else
   cat > conftest.$ac_ext <<EOF
-#line 1778 "configure"
+#line 1782 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1785,7 +1789,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1793: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_long_int=`cat conftestval`
 else
@@ -1805,7 +1809,7 @@
 
 
 echo $ac_n "checking size of long long int""... $ac_c" 1>&6
-echo "configure:1809: checking size of long long int" >&5
+echo "configure:1813: checking size of long long int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_long_long_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1813,7 +1817,7 @@
   ac_cv_sizeof_long_long_int=8
 else
   cat > conftest.$ac_ext <<EOF
-#line 1817 "configure"
+#line 1821 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1824,7 +1828,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1832: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_long_long_int=`cat conftestval`
 else
@@ -1854,7 +1858,7 @@
         fi
         CFLAGS="$CFLAGS -D_HPUX_SOURCE"
         echo $ac_n "checking for HPUX trusted system password database""... $ac_c" 1>&6
-echo "configure:1858: checking for HPUX trusted system password database" >&5
+echo "configure:1862: checking for HPUX trusted system password database" >&5
         if test -f /tcb/files/auth/system/default; then
                 echo "$ac_t""yes" 1>&6
                 cat >> confdefs.h <<\EOF
@@ -1903,16 +1907,16 @@
 
 
 echo $ac_n "checking for intXX_t types""... $ac_c" 1>&6
-echo "configure:1907: checking for intXX_t types" >&5
+echo "configure:1911: checking for intXX_t types" >&5
 cat > conftest.$ac_ext <<EOF
-#line 1909 "configure"
+#line 1913 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 int main() {
 int16_t a; int32_t b; a = 1235; b = 1235;
 ; return 0; }
 EOF
-if { (eval echo configure:1916: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1920: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   
                 cat >> confdefs.h <<\EOF
@@ -1932,16 +1936,16 @@
 rm -f conftest* 
 
 echo $ac_n "checking for u_intXX_t types""... $ac_c" 1>&6
-echo "configure:1936: checking for u_intXX_t types" >&5
+echo "configure:1940: checking for u_intXX_t types" >&5
 cat > conftest.$ac_ext <<EOF
-#line 1938 "configure"
+#line 1942 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 int main() {
 u_int16_t c; u_int32_t d; c = 1235; d = 1235;
 ; return 0; }
 EOF
-if { (eval echo configure:1945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   
                 cat >> confdefs.h <<\EOF
@@ -1964,9 +1968,9 @@
            "x$ac_cv_header_sys_bitypes_h" = "xyes"
 then
         echo $ac_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h""... $ac_c" 1>&6
-echo "configure:1968: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
+echo "configure:1972: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
         cat > conftest.$ac_ext <<EOF
-#line 1970 "configure"
+#line 1974 "configure"
 #include "confdefs.h"
 #include <sys/bitypes.h>
 int main() {
@@ -1978,7 +1982,7 @@
                 
 ; return 0; }
 EOF
-if { (eval echo configure:1982: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1986: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   
                         cat >> confdefs.h <<\EOF
@@ -2002,16 +2006,16 @@
 fi
 
 echo $ac_n "checking for uintXX_t types""... $ac_c" 1>&6
-echo "configure:2006: checking for uintXX_t types" >&5
+echo "configure:2010: checking for uintXX_t types" >&5
 cat > conftest.$ac_ext <<EOF
-#line 2008 "configure"
+#line 2012 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 int main() {
 uint16_t c; uint32_t d; c = 1235; d = 1235;
 ; return 0; }
 EOF
-if { (eval echo configure:2015: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2019: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   
                 cat >> confdefs.h <<\EOF
@@ -2054,7 +2058,7 @@
 
 
 echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6
-echo "configure:2058: checking for 8-bit clean memcmp" >&5
+echo "configure:2062: checking for 8-bit clean memcmp" >&5
 if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -2062,7 +2066,7 @@
   ac_cv_func_memcmp_clean=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 2066 "configure"
+#line 2070 "configure"
 #include "confdefs.h"
 
 main()
@@ -2072,7 +2076,7 @@
 }
 
 EOF
-if { (eval echo configure:2076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_func_memcmp_clean=yes
 else
@@ -2090,12 +2094,12 @@
 test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}"
 
 echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
-echo "configure:2094: checking return type of signal handlers" >&5
+echo "configure:2098: checking return type of signal handlers" >&5
 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2099 "configure"
+#line 2103 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <signal.h>
@@ -2112,7 +2116,7 @@
 int i;
 ; return 0; }
 EOF
-if { (eval echo configure:2116: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2120: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_signal=void
 else
@@ -2131,12 +2135,12 @@
 
 
 echo $ac_n "checking for strftime""... $ac_c" 1>&6
-echo "configure:2135: checking for strftime" >&5
+echo "configure:2139: checking for strftime" >&5
 if eval "test \"`echo '$''{'ac_cv_func_strftime'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2140 "configure"
+#line 2144 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char strftime(); below.  */
@@ -2159,7 +2163,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_strftime=yes"
 else
@@ -2181,7 +2185,7 @@
   echo "$ac_t""no" 1>&6
 # strftime is in -lintl on SCO UNIX.
 echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6
-echo "configure:2185: checking for strftime in -lintl" >&5
+echo "configure:2189: checking for strftime in -lintl" >&5
 ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -2189,7 +2193,7 @@
   ac_save_LIBS="$LIBS"
 LIBS="-lintl  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 2193 "configure"
+#line 2197 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -2200,7 +2204,7 @@
 strftime()
 ; return 0; }
 EOF
-if { (eval echo configure:2204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -2227,12 +2231,12 @@
 fi
 
 echo $ac_n "checking for vprintf""... $ac_c" 1>&6
-echo "configure:2231: checking for vprintf" >&5
+echo "configure:2235: checking for vprintf" >&5
 if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2236 "configure"
+#line 2240 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char vprintf(); below.  */
@@ -2255,7 +2259,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2259: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2263: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_vprintf=yes"
 else
@@ -2279,12 +2283,12 @@
 
 if test "$ac_cv_func_vprintf" != yes; then
 echo $ac_n "checking for _doprnt""... $ac_c" 1>&6
-echo "configure:2283: checking for _doprnt" >&5
+echo "configure:2287: checking for _doprnt" >&5
 if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2288 "configure"
+#line 2292 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char _doprnt(); below.  */
@@ -2307,7 +2311,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func__doprnt=yes"
 else
@@ -2334,12 +2338,12 @@
 for ac_func in gethostname strcspn strdup strerror strspn strtol flock fcntl lockf strlcpy setusercontext
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2338: checking for $ac_func" >&5
+echo "configure:2342: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2343 "configure"
+#line 2347 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -2362,7 +2366,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2366: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2370: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
diff -ruN skey-1.1.5.orig/configure.in skey-1.1.5/configure.in
--- skey-1.1.5.orig/configure.in	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/configure.in	2003-11-06 17:47:14.000000000 +0000
@@ -9,19 +9,19 @@
 AC_CHECK_PROG(AR, ar, ar)
 AC_PATH_PROG(PERL, perl)
 AC_PATH_PROG(TOUCH, touch)
-AC_PATH_PROG(SENDMAIL, sendmail, /usr/lib/sendmail, $PATH:/usr/sbin:/usr/lib:/usr/bin)
 AC_SUBST(PERL)
 AC_SUBST(SENDMAIL)
 
 dnl Checks for libraries.
 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
 AC_CHECK_LIB(ucb, flock, LIBS="$LIBS -lucb" LDFLAGS="$LDFLAGS -L/usr/ucblib")
+AC_CHECK_LIB(crack, FascistCheck, LIBS="$LIBS -lcrack")
 
 
 dnl Checks for header files.
 AC_HEADER_STDC
 AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h)
+AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h)
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
diff -ruN skey-1.1.5.orig/login_cap.c skey-1.1.5/login_cap.c
--- skey-1.1.5.orig/login_cap.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/login_cap.c	2003-11-06 17:46:45.000000000 +0000
@@ -37,6 +37,7 @@
 #include <errno.h>
 #include <unistd.h>
 #include <pwd.h>
+#include <grp.h>
 #include <syslog.h>
 
 /* 
diff -ruN skey-1.1.5.orig/Makefile.in skey-1.1.5/Makefile.in
--- skey-1.1.5.orig/Makefile.in	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/Makefile.in	2003-11-06 17:47:42.000000000 +0000
@@ -27,12 +27,11 @@
 TOUCH=@TOUCH@
 LDFLAGS=-L. @LDFLAGS@
 
-TARGETS=skey skeyinit skeyinfo skeyaudit
-LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o rmd160.o rmd160hl.o sha1.o sha1hl.o flock.o strlcpy.o login_cap.o
+TARGETS=skey skeyinit skeyinfo libskey.a
+LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o sha1.o sha1hl.o flock.o login_cap.o
 SKEYOBJS=skey.o
 SKEYINITOBJS=skeyinit.o
 SKEYINFOOBJS=skeyinfo.o
-SKEYAUDITOBJS=skeyaudit.o
 
 
 SCRIPTS=skeyprune.pl
@@ -41,11 +40,11 @@
 CATMAN		= skey.0 skeyinit.0 skeyinfo.0 skeyaudit.0 skeyprune.0
 MANPAGES	= @MANTYPE@
 
-PATHSUBS	= -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} -D/usr/lib/sendmail=${SENDMAIL}
+PATHSUBS	= -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL}
 
 FIXPATHSCMD     = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
 
-HDRS=	skey.h sha1.h rmd160.h
+HDRS=	skey.h sha1.h
 
 all: ${TARGETS} ${MANPAGES}
 
@@ -55,24 +54,27 @@
 	${AR} rv $@ ${LIBOBJS}
 	${RANLIB} $@
 
-skey: libskey.a ${SKEYOBJS}
+libskey.so: ${LIBOBJS}
+	${CC} ${LDFLAGS} -shared -Wl,-soname,libskey.so.1 -o libskey.so.1.1.5 ${LIBOBJS}
+	ln -fs libskey.so.1.1.5 libskey.so
+	ln -fs libskey.so.1.1.5 libskey.so.1
+	ln -fs libskey.so.1.1.5 libskey.so.1.1
+
+skey: libskey.so ${SKEYOBJS}
 	${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS}
 
-skeyinit: libskey.a ${SKEYINITOBJS}
+skeyinit: libskey.so ${SKEYINITOBJS}
 	${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} 
 
-skeyinfo: libskey.a ${SKEYINFOOBJS}
+skeyinfo: libskey.so ${SKEYINFOOBJS}
 	${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS}
 
-skeyaudit: libskey.a ${SKEYAUDITOBJS}
-	${CC} -o $@ ${SKEYAUDITOBJS} ${LDFLAGS} -lskey ${LIBS}
-
 ${MANPAGES} ${SCRIPTS}::
 	${FIXPATHSCMD} ${srcdir}/$@
 
 clean:
 	rm -f *.o *.a ${TARGETS} config.status config.cache config.log
-	rm -f *.out core
+	rm -f *.out core *.so *.so.*
 
 distclean: clean
 	rm -f Makefile config.h core *~
@@ -97,6 +99,10 @@
 	$(INSTALL) -d $(DESTDIR)$(includedir)
 	$(INSTALL) -d $(DESTDIR)$(sysconfdir)
 	${INSTALL_DATA} libskey.a $(DESTDIR)$(libdir)
+	${INSTALL_DATA} libskey.so.1.1.5 $(DESTDIR)$(libdir)
+	${INSTALL_DATA} libskey.so.1.1 $(DESTDIR)$(libdir)
+	${INSTALL_DATA} libskey.so.1 $(DESTDIR)$(libdir)
+	${INSTALL_DATA} libskey.so $(DESTDIR)$(libdir)
 	${INSTALL_DATA} ${HDRS} $(DESTDIR)$(includedir)
 	@for target in ${TARGETS}; do \
 		${INSTALL_PROGRAM} $$target $(DESTDIR)$(bindir); \
@@ -119,9 +125,9 @@
 	-rm -f $(DESTDIR)$(bindir)/skeyaudit
 	-rm -f $(DESTDIR)$(bindir)/skeyprune
 	-rm -f $(DESTDIR)$(libdir)/libskey.a
+	-rm -f $(DESTDIR)$(libdir)/libskey.so*
 	-rm -f $(DESTDIR)$(includedir)/skey.h
 	-rm -f $(DESTDIR)$(includedir)/sha1.h
-	-rm -f $(DESTDIR)$(includedir)/rmd160.h
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skey.1
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinfo.1
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinit.1
diff -ruN skey-1.1.5.orig/put.c skey-1.1.5/put.c
--- skey-1.1.5.orig/put.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/put.c	2003-11-06 17:46:45.000000000 +0000
@@ -14,7 +14,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <assert.h>
-/*#include <ctype.h>*/
+#include <ctype.h>
 #include "config.h"
 
 #include "skey.h"
@@ -22,10 +22,10 @@
 static unsigned int extract __P ((char *s, int start, int length));
 static void standard __P ((char *word));
 static void insert __P ((char *s, int x, int start, int length));
-static int wsrch __P ((char *w, int low, int high));
+static int wsrch __P ((const char *w, int low, int high));
 
 /* Dictionary for integer-word translations */
-static char Wp[2048][4] = {
+char Wp[2048][4] = {
 	"A",
 	"ABE",
 	"ACE",
@@ -2079,19 +2079,13 @@
 /* Encode 8 bytes in 'c' as a string of English words.
  * Returns a pointer to a static buffer
  */
-char *
-btoe(engout, c)
-	char *c;
-	char *engout;
+char *btoe(char *engout, const char *c)
 {
-	char cp[10];	/* add in room for the parity 2 bits + extract() slop */
+	char cp[9];	/* add in room for the parity 2 bits */
 	int p, i;
 
 	engout[0] = '\0';
-
-	/* workaround for extract() reads beyond end of data */
-	(void)memset(cp, 0, sizeof(cp));
-	(void)memcpy(cp, c, 8);
+	memcpy(cp, c, 8);
 
 	/* compute parity */
 	for (p = 0, i = 0; i < 64; i += 2)
@@ -2099,20 +2093,20 @@
 
 	cp[8] = (char)p << 6;
 
-	(void)strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
+	strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
 
 #ifdef	notdef
-	(void)fprintf(stderr, "engout is %s\n\r", engout);
+	printf ("engout is %s\n\r", engout);
 #endif
 	return(engout);
 }
@@ -2123,41 +2117,42 @@
  *        -1 badly formed in put ie > 4 char word
  *        -2 words OK but parity is wrong
  */
-int
-etob(out, e)
-	char *out;
-	char *e;
+int etob(char *out, const char *e)
 {
 	char *word;
 	int i, p, v, l, low, high;
-	char b[SKEY_BINKEY_SIZE+1];
+	char b[9];
 	char input[36];
+	char *last;
 
 	if (e == NULL)
-		return(-1);
+		return -1;
 
-	(void)strncpy(input, e, sizeof(input) - 1);
-	input[sizeof(input) - 1] = '\0';
-	(void)memset(b, 0, sizeof(b));
-	(void)memset(out, 0, SKEY_BINKEY_SIZE);
-	for (i = 0, p = 0; i < 6; i++, p += 11) {
-		if ((word = strtok(i == 0 ? input : NULL, " ")) == NULL) 
-			return(-1);
-
-		l = strlen(word);
-		if (l > 4 || l < 1) {
-			return(-1);
-		} else if (l < 4) {
+	strncpy (input, e, sizeof(input));
+	memset(b, 0, sizeof(b));
+	memset(out, 0, 8);
+	for (i = 0, p = 0; i < 6; i++, p += 11) 
+	{
+		if ((word = strtok_r(i == 0 ? input : NULL, " ", &last)) == NULL) 
+			return -1;
+
+		l = strlen (word);
+		if (l > 4 || l < 1)
+			return -1;
+		else if (l < 4) 
+		{
 			low = 0;
 			high = 570;
-		} else {
+		} 
+		else 
+		{
 			low = 571;
 			high = 2047;
 		}
 		standard(word);
 
 		if ((v = wsrch(word, low, high)) < 0) 
-			return(0);
+			return 0;
 
 		insert(b, v, p, 11);
 	}
@@ -2167,55 +2162,47 @@
 		p += extract (b, i, 2);
 
 	if ((p & 3) != extract (b, 64, 2)) 
-		return(-2);
+		return -2;
 
-	(void)memcpy(out, b, SKEY_BINKEY_SIZE);
+	memcpy(out, b, 8);
 
-	return(1);
+	return 1;
 }
 
 /* Display 8 bytes as a series of 16-bit hex digits */
-char *
-put8(out, s)
-	char *out;
-	char *s;
+char *put8(char *out, const char *s)
 {
-	(void)sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
+	sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
 			s[0] & 0xff, s[1] & 0xff, s[2] & 0xff,
 			s[3] & 0xff, s[4] & 0xff, s[5] & 0xff,
 			s[6] & 0xff, s[7] & 0xff);
-	return(out);
+	return out;
 }
 
 #ifdef	notdef
 /* Encode 8 bytes in 'cp' as stream of ascii letters.
  * Provided as a possible alternative to btoe()
  */
-char *
-btoc(cp)
-	char *cp;
+char *btoc(char *cp)
 {
 	int i;
 	static char out[31];
 
 	/* code out put by characters 6 bits each added to 0x21 (!) */
-	for (i = 0; i <= 10; i++) {
+	for (i = 0; i <= 10; i++) 
+	{
 		/* last one is only 4 bits not 6 */
 		out[i] = '!' + extract (cp, 6 * i, i >= 10 ? 4 : 6);
 	}
 	out[i] = '\0';
-	return(out);
+	return out;
 }
 #endif
 
 /* Internal subroutines for word encoding/decoding */
 
 /* Dictionary binary search */
-static int
-wsrch(w, low, high)
-	char *w;
-	int low;
-	int high;
+static int wsrch(const char *w, int low, int high)
 {
 	int i, j;
 
@@ -2223,18 +2210,18 @@
 		i = (low + high) / 2;
 
 		if ((j = strncmp(w, Wp[i], 4)) == 0)
-			return(i);			/* Found it */
-
-		if (high == low + 1) {
+			return i;			/* Found it */
+		if (high == low + 1) 
+		{
 			/* Avoid effects of integer truncation in /2 */
 			if (strncmp(w, Wp[high], 4) == 0)
-				return(high);
+				return high;
 			else
-				return(-1);
+				return -1;
 		}
 
 		if (low >= high)
-			return(-1);	/* I don't *think* this can happen... */
+			return -1;	/* I don't *think* this can happen... */
 		if (j < 0)
 			high = i;	/* Search lower half */
 		else
@@ -2242,12 +2229,7 @@
 	}
 }
 
-static void
-insert(s, x, start, length)
-	char *s;
-	int x;
-	int start;
-	int length;
+static void insert(char *s, int x, int start, int length)
 {
 	unsigned char cl;
 	unsigned char cc;
@@ -2261,25 +2243,28 @@
 	assert(start + length <= 66);
 
 	shift = ((8 - ((start + length) % 8)) % 8);
-	y = x << shift;
+	y = (int) x << shift;
 	cl = (y >> 16) & 0xff;
 	cc = (y >> 8) & 0xff;
 	cr = y & 0xff;
-	if (shift + length > 16) {
+	if (shift + length > 16) 
+	{
 		s[start / 8] |= cl;
 		s[start / 8 + 1] |= cc;
 		s[start / 8 + 2] |= cr;
-	} else if (shift + length > 8) {
+	} 
+	else if (shift + length > 8) 
+	{
 		s[start / 8] |= cc;
 		s[start / 8 + 1] |= cr;
-	} else {
+	} 
+	else 
+	{
 		s[start / 8] |= cr;
  	}
 }
 
-static void
-standard(word)
-	register char *word;
+static void standard(char *word)
 {
 	while (*word) {
 		if (!isascii(*word))
@@ -2297,11 +2282,7 @@
 }
 
 /* Extract 'length' bits from the char array 's' starting with bit 'start' */
-static unsigned int
-extract(s, start, length)
-	char *s;
-	int start;
-	int length;
+static unsigned int extract(char *s, int start, int length)
 {
 	unsigned char cl;
 	unsigned char cc;
@@ -2320,5 +2301,5 @@
 	x = x >> (24 - (length + (start % 8)));
 	x = (x & (0xffff >> (16 - length)));
 
-	return(x);
+	return x;
 }
diff -ruN skey-1.1.5.orig/rmd160.c skey-1.1.5/rmd160.c
--- skey-1.1.5.orig/rmd160.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/rmd160.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,428 +0,0 @@
-/********************************************************************\
- *
- *      FILE:     rmd160.c
- *
- *      CONTENTS: A sample C-implementation of the RIPEMD-160
- *		  hash-function.
- *      TARGET:   any computer with an ANSI C compiler
- *
- *      AUTHOR:   Antoon Bosselaers, ESAT-COSIC
- *		  (Arranged for libc by Todd C. Miller)
- *      DATE:     1 March 1996
- *      VERSION:  1.0
- *
- *      Copyright (c) Katholieke Universiteit Leuven
- *      1996, All Rights Reserved
- *
-\********************************************************************/
-#ifndef HAVE_RMD160_H
-
-/* header files */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include "config.h"
-#include "rmd160.h"
-
-/********************************************************************/
-
-/* macro definitions */
-
-/* collect four bytes into one word: */
-#define BYTES_TO_DWORD(strptr)			\
-    (((u_int32_t) *((strptr)+3) << 24) |	\
-    ((u_int32_t) *((strptr)+2) << 16) |		\
-    ((u_int32_t) *((strptr)+1) <<  8) |		\
-    ((u_int32_t) *(strptr)))
-
-/* ROL(x, n) cyclically rotates x over n bits to the left */
-/* x must be of an unsigned 32 bits type and 0 <= n < 32. */
-#define ROL(x, n)	(((x) << (n)) | ((x) >> (32-(n))))
-
-/* the three basic functions F(), G() and H() */
-#define F(x, y, z)	((x) ^ (y) ^ (z))
-#define G(x, y, z)	(((x) & (y)) | (~(x) & (z)))
-#define H(x, y, z)	(((x) | ~(y)) ^ (z))
-#define I(x, y, z)	(((x) & (z)) | ((y) & ~(z)))
-#define J(x, y, z)	((x) ^ ((y) | ~(z)))
-
-/* the eight basic operations FF() through III() */
-#define FF(a, b, c, d, e, x, s)	{			\
-      (a) += F((b), (c), (d)) + (x);			\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define GG(a, b, c, d, e, x, s)	{			\
-      (a) += G((b), (c), (d)) + (x) + 0x5a827999U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define HH(a, b, c, d, e, x, s)	{			\
-      (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define II(a, b, c, d, e, x, s)	{			\
-      (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcU;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define JJ(a, b, c, d, e, x, s)	{			\
-      (a) += J((b), (c), (d)) + (x) + 0xa953fd4eU;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define FFF(a, b, c, d, e, x, s)	{		\
-      (a) += F((b), (c), (d)) + (x);			\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define GGG(a, b, c, d, e, x, s)	{		\
-      (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define HHH(a, b, c, d, e, x, s)	{		\
-      (a) += H((b), (c), (d)) + (x) + 0x6d703ef3U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define III(a, b, c, d, e, x, s)	{		\
-      (a) += I((b), (c), (d)) + (x) + 0x5c4dd124U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define JJJ(a, b, c, d, e, x, s)	{		\
-      (a) += J((b), (c), (d)) + (x) + 0x50a28be6U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-
-/********************************************************************/
-
-void
-RMD160Init(context)
-	RMD160_CTX *context;
-{
-
-	/* ripemd-160 initialization constants */
-	context->state[0] = 0x67452301U;
-	context->state[1] = 0xefcdab89U;
-	context->state[2] = 0x98badcfeU;
-	context->state[3] = 0x10325476U;
-	context->state[4] = 0xc3d2e1f0U;
-	context->length[0] = context->length[1] = 0;
-	context->buflen = 0;
-}
-
-/********************************************************************/
-
-void
-RMD160Transform(state, block)
-	u_int32_t state[5];
-	const u_int32_t block[16];
-{
-	u_int32_t aa = state[0],  bb = state[1],  cc = state[2],
-	    dd = state[3],  ee = state[4];
-	u_int32_t aaa = state[0], bbb = state[1], ccc = state[2],
-	    ddd = state[3], eee = state[4];
-
-	/* round 1 */
-	FF(aa, bb, cc, dd, ee, block[ 0], 11);
-	FF(ee, aa, bb, cc, dd, block[ 1], 14);
-	FF(dd, ee, aa, bb, cc, block[ 2], 15);
-	FF(cc, dd, ee, aa, bb, block[ 3], 12);
-	FF(bb, cc, dd, ee, aa, block[ 4],  5);
-	FF(aa, bb, cc, dd, ee, block[ 5],  8);
-	FF(ee, aa, bb, cc, dd, block[ 6],  7);
-	FF(dd, ee, aa, bb, cc, block[ 7],  9);
-	FF(cc, dd, ee, aa, bb, block[ 8], 11);
-	FF(bb, cc, dd, ee, aa, block[ 9], 13);
-	FF(aa, bb, cc, dd, ee, block[10], 14);
-	FF(ee, aa, bb, cc, dd, block[11], 15);
-	FF(dd, ee, aa, bb, cc, block[12],  6);
-	FF(cc, dd, ee, aa, bb, block[13],  7);
-	FF(bb, cc, dd, ee, aa, block[14],  9);
-	FF(aa, bb, cc, dd, ee, block[15],  8);
-
-	/* round 2 */
-	GG(ee, aa, bb, cc, dd, block[ 7],  7);
-	GG(dd, ee, aa, bb, cc, block[ 4],  6);
-	GG(cc, dd, ee, aa, bb, block[13],  8);
-	GG(bb, cc, dd, ee, aa, block[ 1], 13);
-	GG(aa, bb, cc, dd, ee, block[10], 11);
-	GG(ee, aa, bb, cc, dd, block[ 6],  9);
-	GG(dd, ee, aa, bb, cc, block[15],  7);
-	GG(cc, dd, ee, aa, bb, block[ 3], 15);
-	GG(bb, cc, dd, ee, aa, block[12],  7);
-	GG(aa, bb, cc, dd, ee, block[ 0], 12);
-	GG(ee, aa, bb, cc, dd, block[ 9], 15);
-	GG(dd, ee, aa, bb, cc, block[ 5],  9);
-	GG(cc, dd, ee, aa, bb, block[ 2], 11);
-	GG(bb, cc, dd, ee, aa, block[14],  7);
-	GG(aa, bb, cc, dd, ee, block[11], 13);
-	GG(ee, aa, bb, cc, dd, block[ 8], 12);
-
-	/* round 3 */
-	HH(dd, ee, aa, bb, cc, block[ 3], 11);
-	HH(cc, dd, ee, aa, bb, block[10], 13);
-	HH(bb, cc, dd, ee, aa, block[14],  6);
-	HH(aa, bb, cc, dd, ee, block[ 4],  7);
-	HH(ee, aa, bb, cc, dd, block[ 9], 14);
-	HH(dd, ee, aa, bb, cc, block[15],  9);
-	HH(cc, dd, ee, aa, bb, block[ 8], 13);
-	HH(bb, cc, dd, ee, aa, block[ 1], 15);
-	HH(aa, bb, cc, dd, ee, block[ 2], 14);
-	HH(ee, aa, bb, cc, dd, block[ 7],  8);
-	HH(dd, ee, aa, bb, cc, block[ 0], 13);
-	HH(cc, dd, ee, aa, bb, block[ 6],  6);
-	HH(bb, cc, dd, ee, aa, block[13],  5);
-	HH(aa, bb, cc, dd, ee, block[11], 12);
-	HH(ee, aa, bb, cc, dd, block[ 5],  7);
-	HH(dd, ee, aa, bb, cc, block[12],  5);
-
-	/* round 4 */
-	II(cc, dd, ee, aa, bb, block[ 1], 11);
-	II(bb, cc, dd, ee, aa, block[ 9], 12);
-	II(aa, bb, cc, dd, ee, block[11], 14);
-	II(ee, aa, bb, cc, dd, block[10], 15);
-	II(dd, ee, aa, bb, cc, block[ 0], 14);
-	II(cc, dd, ee, aa, bb, block[ 8], 15);
-	II(bb, cc, dd, ee, aa, block[12],  9);
-	II(aa, bb, cc, dd, ee, block[ 4],  8);
-	II(ee, aa, bb, cc, dd, block[13],  9);
-	II(dd, ee, aa, bb, cc, block[ 3], 14);
-	II(cc, dd, ee, aa, bb, block[ 7],  5);
-	II(bb, cc, dd, ee, aa, block[15],  6);
-	II(aa, bb, cc, dd, ee, block[14],  8);
-	II(ee, aa, bb, cc, dd, block[ 5],  6);
-	II(dd, ee, aa, bb, cc, block[ 6],  5);
-	II(cc, dd, ee, aa, bb, block[ 2], 12);
-
-	/* round 5 */
-	JJ(bb, cc, dd, ee, aa, block[ 4],  9);
-	JJ(aa, bb, cc, dd, ee, block[ 0], 15);
-	JJ(ee, aa, bb, cc, dd, block[ 5],  5);
-	JJ(dd, ee, aa, bb, cc, block[ 9], 11);
-	JJ(cc, dd, ee, aa, bb, block[ 7],  6);
-	JJ(bb, cc, dd, ee, aa, block[12],  8);
-	JJ(aa, bb, cc, dd, ee, block[ 2], 13);
-	JJ(ee, aa, bb, cc, dd, block[10], 12);
-	JJ(dd, ee, aa, bb, cc, block[14],  5);
-	JJ(cc, dd, ee, aa, bb, block[ 1], 12);
-	JJ(bb, cc, dd, ee, aa, block[ 3], 13);
-	JJ(aa, bb, cc, dd, ee, block[ 8], 14);
-	JJ(ee, aa, bb, cc, dd, block[11], 11);
-	JJ(dd, ee, aa, bb, cc, block[ 6],  8);
-	JJ(cc, dd, ee, aa, bb, block[15],  5);
-	JJ(bb, cc, dd, ee, aa, block[13],  6);
-
-	/* parallel round 1 */
-	JJJ(aaa, bbb, ccc, ddd, eee, block[ 5],  8);
-	JJJ(eee, aaa, bbb, ccc, ddd, block[14],  9);
-	JJJ(ddd, eee, aaa, bbb, ccc, block[ 7],  9);
-	JJJ(ccc, ddd, eee, aaa, bbb, block[ 0], 11);
-	JJJ(bbb, ccc, ddd, eee, aaa, block[ 9], 13);
-	JJJ(aaa, bbb, ccc, ddd, eee, block[ 2], 15);
-	JJJ(eee, aaa, bbb, ccc, ddd, block[11], 15);
-	JJJ(ddd, eee, aaa, bbb, ccc, block[ 4],  5);
-	JJJ(ccc, ddd, eee, aaa, bbb, block[13],  7);
-	JJJ(bbb, ccc, ddd, eee, aaa, block[ 6],  7);
-	JJJ(aaa, bbb, ccc, ddd, eee, block[15],  8);
-	JJJ(eee, aaa, bbb, ccc, ddd, block[ 8], 11);
-	JJJ(ddd, eee, aaa, bbb, ccc, block[ 1], 14);
-	JJJ(ccc, ddd, eee, aaa, bbb, block[10], 14);
-	JJJ(bbb, ccc, ddd, eee, aaa, block[ 3], 12);
-	JJJ(aaa, bbb, ccc, ddd, eee, block[12],  6);
-
-	/* parallel round 2 */
-	III(eee, aaa, bbb, ccc, ddd, block[ 6],  9);
-	III(ddd, eee, aaa, bbb, ccc, block[11], 13);
-	III(ccc, ddd, eee, aaa, bbb, block[ 3], 15);
-	III(bbb, ccc, ddd, eee, aaa, block[ 7],  7);
-	III(aaa, bbb, ccc, ddd, eee, block[ 0], 12);
-	III(eee, aaa, bbb, ccc, ddd, block[13],  8);
-	III(ddd, eee, aaa, bbb, ccc, block[ 5],  9);
-	III(ccc, ddd, eee, aaa, bbb, block[10], 11);
-	III(bbb, ccc, ddd, eee, aaa, block[14],  7);
-	III(aaa, bbb, ccc, ddd, eee, block[15],  7);
-	III(eee, aaa, bbb, ccc, ddd, block[ 8], 12);
-	III(ddd, eee, aaa, bbb, ccc, block[12],  7);
-	III(ccc, ddd, eee, aaa, bbb, block[ 4],  6);
-	III(bbb, ccc, ddd, eee, aaa, block[ 9], 15);
-	III(aaa, bbb, ccc, ddd, eee, block[ 1], 13);
-	III(eee, aaa, bbb, ccc, ddd, block[ 2], 11);
-
-	/* parallel round 3 */
-	HHH(ddd, eee, aaa, bbb, ccc, block[15],  9);
-	HHH(ccc, ddd, eee, aaa, bbb, block[ 5],  7);
-	HHH(bbb, ccc, ddd, eee, aaa, block[ 1], 15);
-	HHH(aaa, bbb, ccc, ddd, eee, block[ 3], 11);
-	HHH(eee, aaa, bbb, ccc, ddd, block[ 7],  8);
-	HHH(ddd, eee, aaa, bbb, ccc, block[14],  6);
-	HHH(ccc, ddd, eee, aaa, bbb, block[ 6],  6);
-	HHH(bbb, ccc, ddd, eee, aaa, block[ 9], 14);
-	HHH(aaa, bbb, ccc, ddd, eee, block[11], 12);
-	HHH(eee, aaa, bbb, ccc, ddd, block[ 8], 13);
-	HHH(ddd, eee, aaa, bbb, ccc, block[12],  5);
-	HHH(ccc, ddd, eee, aaa, bbb, block[ 2], 14);
-	HHH(bbb, ccc, ddd, eee, aaa, block[10], 13);
-	HHH(aaa, bbb, ccc, ddd, eee, block[ 0], 13);
-	HHH(eee, aaa, bbb, ccc, ddd, block[ 4],  7);
-	HHH(ddd, eee, aaa, bbb, ccc, block[13],  5);
-
-	/* parallel round 4 */
-	GGG(ccc, ddd, eee, aaa, bbb, block[ 8], 15);
-	GGG(bbb, ccc, ddd, eee, aaa, block[ 6],  5);
-	GGG(aaa, bbb, ccc, ddd, eee, block[ 4],  8);
-	GGG(eee, aaa, bbb, ccc, ddd, block[ 1], 11);
-	GGG(ddd, eee, aaa, bbb, ccc, block[ 3], 14);
-	GGG(ccc, ddd, eee, aaa, bbb, block[11], 14);
-	GGG(bbb, ccc, ddd, eee, aaa, block[15],  6);
-	GGG(aaa, bbb, ccc, ddd, eee, block[ 0], 14);
-	GGG(eee, aaa, bbb, ccc, ddd, block[ 5],  6);
-	GGG(ddd, eee, aaa, bbb, ccc, block[12],  9);
-	GGG(ccc, ddd, eee, aaa, bbb, block[ 2], 12);
-	GGG(bbb, ccc, ddd, eee, aaa, block[13],  9);
-	GGG(aaa, bbb, ccc, ddd, eee, block[ 9], 12);
-	GGG(eee, aaa, bbb, ccc, ddd, block[ 7],  5);
-	GGG(ddd, eee, aaa, bbb, ccc, block[10], 15);
-	GGG(ccc, ddd, eee, aaa, bbb, block[14],  8);
-
-	/* parallel round 5 */
-	FFF(bbb, ccc, ddd, eee, aaa, block[12] ,  8);
-	FFF(aaa, bbb, ccc, ddd, eee, block[15] ,  5);
-	FFF(eee, aaa, bbb, ccc, ddd, block[10] , 12);
-	FFF(ddd, eee, aaa, bbb, ccc, block[ 4] ,  9);
-	FFF(ccc, ddd, eee, aaa, bbb, block[ 1] , 12);
-	FFF(bbb, ccc, ddd, eee, aaa, block[ 5] ,  5);
-	FFF(aaa, bbb, ccc, ddd, eee, block[ 8] , 14);
-	FFF(eee, aaa, bbb, ccc, ddd, block[ 7] ,  6);
-	FFF(ddd, eee, aaa, bbb, ccc, block[ 6] ,  8);
-	FFF(ccc, ddd, eee, aaa, bbb, block[ 2] , 13);
-	FFF(bbb, ccc, ddd, eee, aaa, block[13] ,  6);
-	FFF(aaa, bbb, ccc, ddd, eee, block[14] ,  5);
-	FFF(eee, aaa, bbb, ccc, ddd, block[ 0] , 15);
-	FFF(ddd, eee, aaa, bbb, ccc, block[ 3] , 13);
-	FFF(ccc, ddd, eee, aaa, bbb, block[ 9] , 11);
-	FFF(bbb, ccc, ddd, eee, aaa, block[11] , 11);
-
-	/* combine results */
-	ddd += cc + state[1];		/* final result for state[0] */
-	state[1] = state[2] + dd + eee;
-	state[2] = state[3] + ee + aaa;
-	state[3] = state[4] + aa + bbb;
-	state[4] = state[0] + bb + ccc;
-	state[0] = ddd;
-}
-
-/********************************************************************/
-
-void
-RMD160Update(context, data, nbytes)
-	RMD160_CTX *context;
-	const u_char *data;
-	u_int32_t nbytes;
-{
-	u_int32_t X[16];
-	u_int32_t ofs = 0;
-	u_int32_t i;
-#ifdef WORDS_BIGENDIAN
-	u_int32_t j;
-#endif
-
-	/* update length[] */
-	if (context->length[0] + nbytes < context->length[0])
-		context->length[1]++;		/* overflow to msb of length */
-	context->length[0] += nbytes;
-
-	(void)memset(X, 0, sizeof(X));
-
-        if ( context->buflen + nbytes < 64 )
-        {
-                (void)memcpy(context->bbuffer + context->buflen, data, nbytes);
-                context->buflen += nbytes;
-        }
-        else
-        {
-                /* process first block */
-                ofs = 64 - context->buflen;
-                (void)memcpy(context->bbuffer + context->buflen, data, ofs);
-#ifndef WORDS_BIGENDIAN
-                (void)memcpy(X, context->bbuffer, sizeof(X));
-#else
-                for (j=0; j < 16; j++)
-                        X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
-#endif
-                RMD160Transform(context->state, X);
-                nbytes -= ofs;
-
-                /* process remaining complete blocks */
-                for (i = 0; i < (nbytes >> 6); i++) {
-#ifndef WORDS_BIGENDIAN
-                        (void)memcpy(X, data + (64 * i) + ofs, sizeof(X));
-#else
-                        for (j=0; j < 16; j++)
-                                X[j] = BYTES_TO_DWORD(data + (64 * i) + (4 * j) + ofs);
-#endif
-                        RMD160Transform(context->state, X);
-                }
-
-                /*
-                 * Put last bytes from data into context's buffer
-                 */
-                context->buflen = nbytes & 63;
-                memcpy(context->bbuffer, data + (64 * i) + ofs, context->buflen);
-        }
-}
-
-/********************************************************************/
-
-void
-RMD160Final(digest, context)
-	u_char digest[20];
-	RMD160_CTX *context;
-{
-	u_int32_t i;
-	u_int32_t X[16];
-#ifdef WORDS_BIGENDIAN
-	u_int32_t j;
-#endif
-
-	/* append the bit m_n == 1 */
-	context->bbuffer[context->buflen] = '\200';
-
-	(void)memset(context->bbuffer + context->buflen + 1, 0,
-		63 - context->buflen);
-#ifndef WORDS_BIGENDIAN
-	(void)memcpy(X, context->bbuffer, sizeof(X));
-#else
-	for (j=0; j < 16; j++)
-		X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
-#endif
-	if ((context->buflen) > 55) {
-		/* length goes to next block */
-		RMD160Transform(context->state, X);
-		(void)memset(X, 0, sizeof(X));
-	}
-
-	/* append length in bits */
-	X[14] = context->length[0] << 3;
-	X[15] = (context->length[0] >> 29) |
-	    (context->length[1] << 3);
-	RMD160Transform(context->state, X);
-
-	if (digest != NULL) {
-		for (i = 0; i < 20; i += 4) {
-			/* extracts the 8 least significant bits. */
-			digest[i]     =  context->state[i>>2];
-			digest[i + 1] = (context->state[i>>2] >>  8);
-			digest[i + 2] = (context->state[i>>2] >> 16);
-			digest[i + 3] = (context->state[i>>2] >> 24);
-		}
-	}
-}
-
-/************************ end of file rmd160.c **********************/
-#endif
diff -ruN skey-1.1.5.orig/rmd160.h skey-1.1.5/rmd160.h
--- skey-1.1.5.orig/rmd160.h	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/rmd160.h	1970-01-01 01:00:00.000000000 +0100
@@ -1,48 +0,0 @@
-/*	$OpenBSD: rmd160.h,v 1.4 1999/08/16 09:59:04 millert Exp $	*/
-
-/********************************************************************\
- *
- *      FILE:     rmd160.h
- *
- *      CONTENTS: Header file for a sample C-implementation of the
- *                RIPEMD-160 hash-function. 
- *      TARGET:   any computer with an ANSI C compiler
- *
- *      AUTHOR:   Antoon Bosselaers, ESAT-COSIC
- *      DATE:     1 March 1996
- *      VERSION:  1.0
- *
- *      Copyright (c) Katholieke Universiteit Leuven
- *      1996, All Rights Reserved
- *
-\********************************************************************/
-
-#ifndef  _RMD160_H	/* make sure this file is read only once */
-#define  _RMD160_H
-
-/********************************************************************/
-
-/* structure definitions */
-
-typedef struct {
-	u_int32_t state[5];	/* state (ABCDE) */
-	u_int32_t length[2];	/* number of bits */
-	u_char	bbuffer[64];    /* overflow buffer */
-	u_int32_t buflen;	/* number of chars in bbuffer */
-} RMD160_CTX;
-
-/********************************************************************/
-
-/* function prototypes */
-
-void RMD160Init __P((RMD160_CTX *context));
-void RMD160Transform __P((u_int32_t state[5], const u_int32_t block[16]));
-void RMD160Update __P((RMD160_CTX *context, const u_char *data, u_int32_t nbytes));
-void RMD160Final __P((u_char digest[20], RMD160_CTX *context));
-char *RMD160End __P((RMD160_CTX *, char *));
-char *RMD160File __P((char *, char *));
-char *RMD160Data __P((const u_char *, size_t, char *));
-
-#endif  /* _RMD160_H */
-
-/*********************** end of file rmd160.h ***********************/
diff -ruN skey-1.1.5.orig/rmd160hl.c skey-1.1.5/rmd160hl.c
--- skey-1.1.5.orig/rmd160hl.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/rmd160hl.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,85 +0,0 @@
-/* rmd160hl.c
- * ----------------------------------------------------------------------------
- * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dkuug.dk> wrote this file.  As long as you retain this notice you
- * can do whatever you want with this stuff. If we meet some day, and you think
- * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
- * ----------------------------------------------------------------------------
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: rmd160hl.c,v 1.2 1999/08/17 09:13:12 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-#include <unistd.h>
-#include "config.h"
-#ifdef HAVE_RMD160_H
-#include <rmd160.h>
-#else
-#include "rmd160.h"
-#endif
-
-/* ARGSUSED */
-char *
-RMD160End(ctx, buf)
-    RMD160_CTX *ctx;
-    char *buf;
-{
-    int i;
-    char *p = buf;
-    u_char digest[20];
-    static const char hex[]="0123456789abcdef";
-
-    if (p == NULL && (p = malloc(41)) == NULL)
-	return 0;
-
-    RMD160Final(digest,ctx);
-    for (i = 0; i < 20; i++) {
-	p[i + i] = hex[digest[i] >> 4];
-	p[i + i + 1] = hex[digest[i] & 0x0f];
-    }
-    p[i + i] = '\0';
-    return(p);
-}
-
-char *
-RMD160File (filename, buf)
-    char *filename;
-    char *buf;
-{
-    u_char buffer[BUFSIZ];
-    RMD160_CTX ctx;
-    int fd, num, oerrno;
-
-    RMD160Init(&ctx);
-
-    if ((fd = open(filename, O_RDONLY)) < 0)
-	return(0);
-
-    while ((num = read(fd, buffer, sizeof(buffer))) > 0)
-	RMD160Update(&ctx, buffer, num);
-
-    oerrno = errno;
-    close(fd);
-    errno = oerrno;
-    return(num < 0 ? 0 : RMD160End(&ctx, buf));
-}
-
-char *
-RMD160Data (data, len, buf)
-    const u_char *data;
-    size_t len;
-    char *buf;
-{
-    RMD160_CTX ctx;
-
-    RMD160Init(&ctx);
-    RMD160Update(&ctx, data, len);
-    return(RMD160End(&ctx, buf));
-}
diff -ruN skey-1.1.5.orig/skey.1 skey-1.1.5/skey.1
--- skey-1.1.5.orig/skey.1	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skey.1	2003-11-06 17:46:45.000000000 +0000
@@ -1,95 +1,165 @@
-.\" $OpenBSD: skey.1,v 1.21 2000/11/09 17:52:38 aaron Exp $
-.\"	@(#)skey.1	1.1 	10/28/93
+.\"	$NetBSD: skey.1,v 1.21 2003/09/07 16:22:24 wiz Exp $
 .\"
-.Dd October 28, 1993
+.\"	from: @(#)skey.1	1.1 	10/28/93
+.\"
+.Dd July 25, 2001
 .Dt SKEY 1
 .Os
 .Sh NAME
-.Nm skey, otp-md4, otp-md5, otp-sha1, otp-rmd160
+.Nm skey
 .Nd respond to an OTP challenge
 .Sh SYNOPSIS
-.Nm skey
-.Op Fl x
-.Oo
-.Fl md4 | Fl md5 | Fl sha1 |
-.Fl rmd160
-.Oc
+.Nm
 .Op Fl n Ar count
-.Op Fl p Ar passwd
-<sequence#>[/] key
+.Op Fl p Ar password
+.Op Fl t Ar hash
+.Op Fl x
+.Ar sequence#
+.Op /
+.Ar key
 .Sh DESCRIPTION
-.Nm S/key
-is a procedure for using one-time passwords to authenticate access to
-computer systems.
-It uses 64 bits of information transformed by the
-MD4, MD5, SHA1, or RIPEMD-160 algorithms.
-The user supplies the 64 bits
-in the form of 6 English words that are generated by a secure computer.
-This implementation of
-.Nm s/key
-is RFC 1938 compliant.
+.Em S/Key
+is a One Time Password (OTP) authentication system.
+It is intended to be used when the communication channel between
+a user and host is not secure (e.g. not encrypted or hardwired).
+Since each password is used only once, even if it is "seen" by a
+hostile third party, it cannot be used again to gain access to the host.
 .Pp
-When
-.Nm skey
-is invoked as
-.Nm otp-method ,
-.Nm skey
-will use
-.Ar method
-as the hash function where
-.Ar method
-is currently one of md4, md5, sha1, or rmd160.
+.Em S/Key
+uses 64 bits of information, transformed by the
+.Tn MD4
+algorithm into 6 English words.
+The user supplies the words to authenticate himself to programs like
+.Xr login 1
+or
+.Xr ftpd 8 .
+.Pp
+Example use of the
+.Em S/Key
+program
+.Nm :
+.Bd -literal -offset indent
+% skey  99  th91334
+Enter password: \*[Lt]your secret password is entered here\*[Gt]
+OMEN US HORN OMIT BACK AHOY
+%
+.Ed
+.Pp
+The string that is given back by
+.Nm
+can then be used to log into a system.
+.Pp
+The programs that are part of the
+.Em S/Key
+system are:
+.Bl -tag -width skeyauditxxx
+.It Xr skeyinit 1
+used to set up your
+.Em S/Key .
+.It Nm
+used to get the one time password(s).
+.It Xr skeyinfo 1
+used to initialize the
+.Em S/Key
+database for the specified user.
+It also tells the user what the next challenge will be.
+.It Xr skeyaudit 1
+used to inform users that they will soon have to rerun
+.Xr skeyinit 1 .
+.El
 .Pp
-If you misspell your password while running
-.Nm skey ,
+When you run
+.Xr skeyinit 1
+you inform the system of your
+secret password.
+Running
+.Nm
+then generates the
+one-time password(s), after requiring your secret password.
+If however, you misspell your secret password that you have given to
+.Xr skeyinit 1
+while running
+.Xr skey 1
 you will get a list of passwords
-that will not work, and no indication of the problem.
+that will not work, and no indication about the problem.
 .Pp
-Password sequence numbers count backwards.
+Password sequence numbers count backward from 99.
 You can enter the passwords using small letters, even though
-.Nm skey
+.Xr skey 1
 prints them capitalized.
 .Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl n Ar count
-Prints out
+The
+.Fl n Ar count
+argument asks for
 .Ar count
-one-time passwords.
-The default is to print one.
-.It Fl p Ar password
-Uses
-.Ar password
-as the secret password.
-Use of this option is discouraged as
-your secret password could be visible in a process listing.
-.It Fl x
-Causes output to be in hexadecimal instead of ASCII.
-.It Fl md4
-Selects MD4 as the hash algorithm.
-.It Fl md5
-Selects MD5 as the hash algorithm.
-.It Fl sha1
-Selects SHA-1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
-.It Fl rmd160
-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
-.El
+password sequences to be printed out ending with the requested
+sequence number.
+.Pp
+The hash algorithm is selected using the
+.Fl t Ar hash
+option, possible choices here are md4, md5 or sha1.
+.Pp
+The
+.Fl p Ar password
+allows the user to specify the
+.Em S/Key
+password on the command line.
+.Pp
+To output the S/Key list in hexadecimal instead of words,
+use the
+.Fl x
+option.
 .Sh EXAMPLES
-.sp 0
-    % skey 99 th91334
-.sp 0
-    Enter secret password: <your secret password is entered here>
-.sp 0
-    OMEN US HORN OMIT BACK AHOY
-.sp 0
-    %
+Initialize generation of one time passwords:
+.Bd -literal -offset indent
+host% skeyinit
+Password: \*[Lt]normal login password\*[Gt]
+[Adding username]
+Enter secret password: \*[Lt]new secret password\*[Gt]
+Again secret password: \*[Lt]new secret password again\*[Gt]
+ID username s/key is 99 host12345
+Next login password: SOME SIX WORDS THAT WERE COMPUTED
+.Ed
+.Pp
+Produce a list of one time passwords to take with to a conference:
+.Bd -literal -offset indent
+host% skey -n 3 99 host12345
+Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt]
+97: NOSE FOOT RUSH FEAR GREY JUST
+98: YAWN LEO DEED BIND WACK BRAE
+99: SOME SIX WORDS THAT WERE COMPUTED
+.Ed
+.Pp
+Logging in to a host where
+.Nm
+is installed:
+.Bd -literal -offset indent
+host% telnet host
+
+login: \*[Lt]username\*[Gt]
+Password [s/key 97 host12345]:
+.Ed
+.Pp
+Note that the user can use either his/her
+.Em S/Key
+password at the prompt but also the normal one unless the
+.Fl s
+flag is given to
+.Xr login 1 .
 .Sh SEE ALSO
 .Xr login 1 ,
+.Xr skeyaudit 1 ,
 .Xr skeyinfo 1 ,
-.Xr skeyinit 1
+.Xr skeyinit 1 ,
+.Xr ftpd 8
 .Pp
-.Em RFC1938
+.Em RFC 2289
 .Sh TRADEMARKS AND PATENTS
-S/Key is a Trademark of Bellcore.
+.Em S/Key
+is a trademark of
+.Tn Bellcore .
 .Sh AUTHORS
-Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
+Phil Karn,
+Neil M. Haller,
+John S. Walden,
+Scott Chasin
diff -ruN skey-1.1.5.orig/skey.3 skey-1.1.5/skey.3
--- skey-1.1.5.orig/skey.3	1970-01-01 01:00:00.000000000 +0100
+++ skey-1.1.5/skey.3	2003-11-06 17:46:45.000000000 +0000
@@ -0,0 +1,264 @@
+.\"     $NetBSD: skey.3,v 1.8 2003/06/06 13:42:50 wiz Exp $
+.\"
+.\" Copyright (c) 2001 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Gregory McGarry.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"        This product includes software developed by the NetBSD
+.\"        Foundation, Inc. and its contributors.
+.\" 4. Neither the name of The NetBSD Foundation nor the names of its
+.\"    contributors may be used to endorse or promote products derived
+.\"    from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd November 10, 2001
+.Dt SKEY 3
+.Os
+.Sh NAME
+.Nm skey ,
+.Nm skeychallenge ,
+.Nm skeylookup ,
+.Nm skeygetnext ,
+.Nm skeyverify ,
+.Nm skeyzero ,
+.Nm getskeyprompt ,
+.Nm skey_set_algorithm ,
+.Nm skey_get_algorithm ,
+.Nm skey_haskey ,
+.Nm skey_keyinfo ,
+.Nm skey_passcheck ,
+.Nm skey_authenticate
+.Nd one-time password (OTP) library
+.Sh LIBRARY
+S/key One-Time Password Library (libskey, -lskey)
+.Sh SYNOPSIS
+.In skey.h
+.Ft int
+.Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \
+"size_t sslen"
+.Ft int
+.Fn skeylookup "struct skey *mp" "const char *name"
+.Ft int
+.Fn skeygetnext "struct skey *mp"
+.Ft int
+.Fn skeyverify "struct skey *mp" "char *response"
+.Ft int
+.Fn skeyzero "struct skey *mp" "char *response"
+.Ft int
+.Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt"
+.Ft const char *
+.Fn skey_set_algorithm "const char *new"
+.Ft const char *
+.Fn skey_get_algorithm "void"
+.Ft int
+.Fn skey_haskey "const char *username"
+.Ft const char *
+.Fn skey_keyinfo "const char *username"
+.Ft int
+.Fn skey_passcheck "const char *username" "char *passwd"
+.Ft int
+.Fn skey_authenticate "const char *username"
+.Ft void
+.Fn f "char *x"
+.Ft int
+.Fn keycrunch "char *result" "const char *seed" "const char *passwd"
+.Ft void
+.Fn rip "char *buf"
+.Ft char *
+.Fn readpass "char *buf " "int n"
+.Ft char *
+.Fn readskey "char *buf" "int n"
+.Ft int
+.Fn atob8 "char *out" "const char *in"
+.Ft int
+.Fn btoa8 "char *out" "const char *in"
+.Ft int
+.Fn htoi "int c"
+.Ft const char *
+.Fn skipspace "const char *cp"
+.Ft void
+.Fn backspace "char *buf"
+.Ft void
+.Fn sevenbit "char *buf"
+.Ft char *
+.Fn btoe "char *engout" "const char *c"
+.Ft int
+.Fn etob "char *out" "const char *e"
+.Ft char *
+.Fn put8 "char *out" "const char *s"
+.Sh DESCRIPTION
+The
+.Nm
+library provides routines for accessing
+.Nx Ns 's
+one-time password (OTP) authentication system.
+.Pp
+Most S/Key operations take a pointer to a
+.Em struct skey ,
+which should be considered as an opaque identifier.
+.Sh FUNCTIONS
+The following high-level functions are available:
+.Bl -tag -width compact
+.It Fn skeychallenge "mp" "name" "ss" "sslen"
+Return a S/Key challenge for user
+.Fa name .
+If successful, the caller's skey structure
+.Fa mp
+is filled and 0 is returned.
+If unsuccessful (e.g. if name is unknown),
+\-1 is returned.
+.It Fn skeylookup "mp" "name"
+Find an entry for user
+.Fa name
+in the one-time password database.
+Returns 0 if the entry is found and 1 if the entry is not found.
+If an error occurs accessing the database, \-1 is returned.
+.It Fn skeygetnext "mp"
+Get the next entry in the one-time password database.
+Returns 0 on success and the entry is stored in
+.Ar mp
+and 1 if no more entries are available.
+If an error occurs accessing the database, \-1 is returned.
+.It Fn skeyverify "mp" "response"
+Verify response
+.Fa response
+to a S/Key challenge.
+Returns 0 if the verification is successful and 1 if the verification failed.
+If an error occurs accessing the database, \-1 is returned.
+.It Fn skeyzero "mp" "response"
+Comment out user's entry in the S/Key database.
+Returns 0 on success and the database is updated,
+otherwise \-1 is returned and the database remains unchanged.
+.It Fn getskeyprompt "mp" "name" "prompt"
+Issue a S/Key challenge for user
+.Ar name .
+If successful, fill in the caller's skey structure
+.Fa mp
+and return 0.
+If unsuccessful (e.g. if name is unknown) \-1 is returned.
+.El
+.Pp
+The following lower-level functions are available:
+.Bl -tag -width compact
+.It Fn skey_set_algorithm "new"
+Set hash algorithm type.
+Valid values for
+.Fa new
+are "md4", "md5" and "sha1".
+.It Fn skey_get_algorithm "void"
+Get current hash type.
+.It Fn skey_haskey "username"
+Returns 0 if the user
+.Fa username
+exists and 1 if the user doesn't exist.
+Returns \-1 on file error.
+.It Fn skey_keyinfo "username"
+Returns the current sequence number and seed for user
+.Ar username .
+.It Fn skey_passcheck "username" "passwd"
+Checks to see if answer is the correct one to the current challenge.
+.It Fn skey_authenticate "username"
+Used when calling program will allow input of the user's response to
+the challenge.
+Returns zero on success or \-1 on failure.
+.El
+.Pp
+The following miscellaneous functions are available:
+.Bl -tag -width compact
+.It Fn f "x"
+One-way function to take 8 bytes pointed to by
+.Fa x
+and return 8 bytes in place.
+.It Fn keycrunch "char *result" "const char *seed" "const char *passwd"
+Crunch a key.
+.It Fn rip "buf"
+Strip trailing CR/LF characters from a line of text
+.Fa buf .
+.It Fn readpass "buf" "n"
+Read in secret passwd (turns off echo).
+.It Fn readskey "buf" "n"
+Read in an s/key OTP (does not turn off echo).
+.It Fn atob8 "out" "in"
+Convert 8-byte hex-ascii string
+.Fa in
+to binary array
+.Fa out .
+Returns 0 on success, \-1 on error.
+.It Fn btoa8 "out" "in"
+Convert 8-byte binary array
+.Fa in
+to hex-ascii string
+.Fa out .
+Returns 0 on success, \-1 on error.
+.It Fn htoi "int c"
+Convert hex digit to binary integer.
+.It Fn skipspace "cp"
+Skip leading spaces from the string
+.Fa cp .
+.It Fn backspace "buf"
+Remove backspaced over characters from the string
+.Fa buf .
+.It Fn sevenbit "buf"
+Ensure line
+.Fa buf
+is all seven bits.
+.It Fn btoe "engout" "c"
+Encode 8 bytes in
+.Ar c
+as a string of English words.
+Returns a pointer to a static buffer in
+.Fa engout .
+.It Fn etob "out" "e"
+Convert English to binary.
+Returns 0 if the word is not in the database, 1 if all good words and
+parity is valid, \-1 if badly formed input (i.e. \*[Gt] 4 char word)
+and -2 if words are valid but parity is wrong.
+.It Fn put8 "out" "s"
+Display 8 bytes
+.Fa s
+as a series of 16-bit hex digits.
+.El
+.Sh FILES
+.Bl -tag -width /usr/lib/libskey_p.a -compact
+.It Pa /usr/lib/libskey.a
+static skey library
+.It Pa /usr/lib/libskey.so
+dynamic skey library
+.It Pa /usr/lib/libskey_p.a
+static skey library compiled for profiling
+.El
+.Sh SEE ALSO
+.Xr skey 1 ,
+.Xr skeyaudit 1 ,
+.Xr skeyinfo 1
+.Sh BUGS
+The
+.Nm
+library functions are not re-entrant or thread-safe.
+.Pp
+The
+.Nm
+library defines many poorly named functions which pollute the name space.
diff -ruN skey-1.1.5.orig/skeyaudit.1 skey-1.1.5/skeyaudit.1
--- skey-1.1.5.orig/skeyaudit.1	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyaudit.1	2003-11-06 17:46:45.000000000 +0000
@@ -1,46 +1,29 @@
-.\" $OpenBSD: skeyaudit.1,v 1.8 2000/11/09 17:52:38 aaron Exp $
+.\"	$NetBSD: skeyaudit.1,v 1.6 2001/04/09 12:34:14 wiz Exp $
 .\"
-.Dd 22 July 1997
+.Dd June 9, 1994
 .Dt SKEYAUDIT 1
 .Os
 .Sh NAME
 .Nm skeyaudit
 .Nd warn users if their S/Key will soon expire
 .Sh SYNOPSIS
-.Nm skeyaudit
-.Op Fl a
-.Op Fl i
-.Op Fl l Ar limit
+.Nm
+.Op Ar limit
 .Sh DESCRIPTION
 .Nm
 searches through the file
-.Pa /etc/skeykeys
+.Dq Pa /etc/skey/skeykeys
 for users whose S/Key sequence number is less than
 .Ar limit ,
-and mails them a reminder to run
+and sends them a reminder to run
 .Xr skeyinit 1
-soon.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl a
-Check all keys in
-.Pa /etc/skeykeys .
-This option is only available to the superuser and
-is useful to run regularly via
-.Xr cron 8 .
-.It Fl i
-Interactive mode.
-Don't send mail, just print to the standard output.
-.It Fl l Ar limit
-The limit used to determine whether or not a user should be notified.
-The default is to notify if there are fewer than 12 keys left.
-.El
+soon. If no limit is specified a default of 12 is used.
 .Sh FILES
-.Bl -tag -width /etc/skeykeys -compact
-.It Pa /etc/skeykeys
-S/Key key information database
+.Bl -tag -width /etc/skey/skeykeys -compact
+.It Pa /etc/skey/skeykeys
+The S/Key key information database
 .El
 .Sh SEE ALSO
 .Xr skey 1 ,
+.Xr skeyinfo 1 ,
 .Xr skeyinit 1
diff -ruN skey-1.1.5.orig/skeyaudit.c skey-1.1.5/skeyaudit.c
--- skey-1.1.5.orig/skeyaudit.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyaudit.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,236 +0,0 @@
-/*	$OpenBSD: skeyaudit.c,v 1.10 2000/09/20 21:53:49 pjanzen Exp $	*/
-
-/*
- * Copyright (c) 1997, 2000 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <errno.h>
-/*#include <limits.h>*/
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <netdb.h>
-#include "config.h"
-#ifdef HAVE_ERR_H
-#include <err.h>
-#else
-#include "err.h"
-#endif
-#include "skey.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/wait.h>
-
-#ifdef HAVE_LOGIN_CAP_H
-#   include <login_cap.h>
-#else
-#   include "login_cap.h"
-#endif
-
-char *__progname;
-
-void notify __P((struct passwd *, int, int));
-FILE *runsendmail __P((struct passwd *, int *));
-void usage __P((void));
-
-int
-main(argc, argv)
-	int argc;
-	char **argv;
-{
-	struct passwd *pw;
-	struct skey key;
-	int ch, errs = 0, left = 0, aflag = 0, iflag = 0, limit = 12;
-	char *name;
-
-	__progname = argv[0];
-
-	if (geteuid() != 0)
-		errx(1, "must be setuid root");
-
-	while ((ch = getopt(argc, argv, "ail:")) != -1)
-		switch(ch) {
-		case 'a':
-			aflag = 1;
-			if (getuid() != 0)
-				errx(1, "only root may use the -a flag");
-			break;
-		case 'i':
-			iflag = 1;
-			break;
-		case 'l':
-			errno = 0;
-			if ((limit = (int)strtol(optarg, NULL, 10)) == 0)
-				errno = ERANGE;
-			if (errno) {
-				warn("key limit");
-				usage();
-			}
-			break;
-		default:
-			usage();
-	}
-
-	if (argc - optind > 0)
-		usage();
-
-	/* Need key.keyfile zero'd at the very least */
-	(void)memset(&key, 0, sizeof(key));
-
-	if (aflag) {
-		while ((ch = skeygetnext(&key)) == 0) {
-			left = key.n - 1;
-			if ((pw = getpwnam(key.logname)) == NULL)
-				continue;
-			if (left >= limit)
-				continue;
-			notify(pw, left, iflag);
-		}
-		if (ch == -1)
-			errx(-1, "cannot open %s", SKEYKEYS);
-		else
-			(void)fclose(key.keyfile);
-	} else {
-		if ((pw = getpwuid(getuid())) == NULL)
-			errx(1, "no passwd entry for uid %u", getuid());
-		if ((name = strdup(pw->pw_name)) == NULL)
-			err(1, "cannot allocate memory");
-		sevenbit(name);
-
-		errs = skeylookup(&key, name);
-		switch (errs) {
-			case 0:		/* Success! */
-				left = key.n - 1;
-				break;
-			case -1:	/* File error */
-				errx(errs, "cannot open %s", SKEYKEYS);
-				break;
-			case 1:		/* Unknown user */
-				warnx("%s is not listed in %s", name,
-				    SKEYKEYS);
-		}
-		(void)fclose(key.keyfile);
-
-		if (!errs && left < limit)
-			notify(pw, left, iflag);
-	}
-		
-	exit(errs);
-}
-
-void
-notify(pw, seq, interactive)
-	struct passwd *pw;
-	int seq;
-	int interactive;
-{
-	static char hostname[MAXHOSTNAMELEN];
-	int pid;
-	FILE *out;
-
-	/* Only set this once */
-	if (hostname[0] == '\0' && gethostname(hostname, sizeof(hostname)) == -1)
-		strcpy(hostname, "unknown");
-
-	if (interactive)
-		out = stdout;
-	else
-		out = runsendmail(pw, &pid);
-
-	if (!interactive)
-		(void)fprintf(out,
-		   "To: %s\nSubject: IMPORTANT action required\n", pw->pw_name);
-
-	if (seq)
-		(void)fprintf(out,
-"\nYou are nearing the end of your current S/Key sequence for account\n\
-%s on system %s.\n\n\
-Your S/Key sequence number is now %d.  When it reaches zero\n\
-you will no longer be able to use S/Key to log into the system.\n\n",
-pw->pw_name, hostname, seq);
-	else
-		(void)fprintf(out,
-"\nYou are at the end of your current S/Key sequence for account\n\
-%s on system %s.\n\n\
-At this point you can no longer use S/Key to log into the system.\n\n",
-pw->pw_name, hostname);
-	(void)fprintf(out,
-"Type \"skeyinit -s\" to reinitialize your sequence number.\n\n");
-
-	(void)fclose(out);
-	if (!interactive)
-		(void)waitpid(pid, NULL, 0);
-}
-
-FILE *
-runsendmail(pw, pidp)
-	struct passwd *pw;
-	int *pidp;
-{
-	FILE *fp;
-	int pfd[2], pid;
-
-	if (pipe(pfd) < 0)
-		return(NULL);
-
-	switch (pid = fork()) {
-	case -1:			/* fork(2) failed */
-		(void)close(pfd[0]);
-		(void)close(pfd[1]);
-		return(NULL);
-	case 0:				/* In child */
-		(void)close(pfd[1]);
-		(void)dup2(pfd[0], STDIN_FILENO);
-		(void)close(pfd[0]);
-
-		/* Run sendmail as target user not root */
-		if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) {
-			warn("cannot set user context");
-			_exit(127);
-		}
-
-		execl(SENDMAIL, "sendmail", "-t", NULL);
-		warn("cannot run \"%s -t\"", SENDMAIL);
-		_exit(127);
-	}
-
-	/* In parent */
-	*pidp = pid;
-	fp = fdopen(pfd[1], "w");
-	(void)close(pfd[0]);
-
-	return(fp);
-}
-void
-usage()
-{
-	(void)fprintf(stderr, "Usage: %s [-i] [-l limit]\n",
-	    __progname);
-	exit(1);
-}
diff -ruN skey-1.1.5.orig/skeyaudit.sh skey-1.1.5/skeyaudit.sh
--- skey-1.1.5.orig/skeyaudit.sh	1970-01-01 01:00:00.000000000 +0100
+++ skey-1.1.5/skeyaudit.sh	2003-11-06 17:46:45.000000000 +0000
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+#	$NetBSD: skeyaudit.sh,v 1.2.12.2 2000/07/28 12:42:59 mjl Exp $
+#
+# This script will look thru the skeykeys file for
+# people with sequence numbers less than LOWLIMIT=12
+# and send them an e-mail reminder to use skeyinit soon
+# 
+
+KEYDB=/etc/skey/skeykeys
+LOWLIMIT=12
+ADMIN=root
+SUBJECT="Reminder: Run skeyinit"
+HOST=`/bin/hostname`
+
+
+if [ "$1" != "" ]
+then
+ LOWLIMIT=$1
+fi
+
+if [ ! -s "${KEYDB}" ]; then
+  exit 0
+fi
+
+# an skeykeys entry looks like
+#   jsw 0076 la13079          ba20a75528de9d3a
+#   #oot md5 0005 aspa26398        9432d570ff4421f0  Jul 07,2000 01:36:43
+#   mjl sha1 0099 alpha2           459a5dac23d20a90  Jul 07,2000 02:14:17
+# the sequence number is the second (or third) entry
+#
+
+SKEYS=`awk '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' $KEYDB`
+
+set -- ${SKEYS}
+
+while [ "X$1" != "X" ]; do
+  USER=$1
+  SEQ=$2
+  KEY=$3
+  shift 3
+  # echo "$USER -- $SEQ -- $KEY"
+  if [ $SEQ -lt $LOWLIMIT ]; then
+    if [ $SEQ -lt  3 ]; then
+      SUBJECT="IMPORTANT action required"
+    fi
+    (
+    echo "You are nearing the end of your current S/Key sequence for account $i"
+    echo "on system $HOST."
+    echo ""
+    echo "Your S/key sequence number is now $SEQ.  When it reaches zero you"
+    echo "will no longer be able to use S/Key to login into the system.  "
+    echo " "
+    echo "Use \"skeyinit -s\" to reinitialize your sequence number."
+    echo ""
+    ) | mail -s "$SUBJECT"  $USER $ADMIN
+  fi
+done
diff -ruN skey-1.1.5.orig/skey.c skey-1.1.5/skey.c
--- skey-1.1.5.orig/skey.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skey.c	2003-11-06 17:46:45.000000000 +0000
@@ -25,6 +25,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <ctype.h>
 #include "config.h"
 
 #ifdef HAVE_ERR_H
@@ -35,102 +36,93 @@
 
 #include "skey.h"
 
-void    usage __P((char *));
+int		main(int, char **);
+void	usage(char *);
 
 int
-main(argc, argv)
-	int	argc;
-	char	*argv[];
+main(int	argc, char	**argv)
 {
-	int     n, i, cnt = 1, pass = 0, hexmode = 0;
-	char    passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
-	char	buf[33], *seed, *slash;
-
-	/* If we were called as otp-METHOD, set algorithm based on that */
-	if ((slash = strrchr(argv[0], '/')))
-	    slash++;
-	else
-	    slash = argv[0];
-	if (strncmp(slash, "otp-", 4) == 0) {
-		slash += 4;
-		if (skey_set_algorithm(slash) == NULL)
-			errx(1, "Unknown hash algorithm %s", slash);
-	}
-
-	for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
-		if (argv[i][2] == '\0') {
-			/* Single character switch */
-			switch (argv[i][1]) {
+	int		n, cnt = 1, i, pass = 0, hexmode = 0;
+	char	passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
+	char	buf[33], *seed, *slash, *t;
+
+	while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) {
+		switch(i) {
+			case 'f':
+				break; /* unused */
 			case 'n':
-				if (i + 1 == argc)
-					usage(argv[0]);
-				cnt = atoi(argv[++i]);
+				cnt = atoi(optarg);
 				break;
 			case 'p':
-				if (i + 1 == argc)
-					usage(argv[0]);
-				if (strlcpy(passwd, argv[++i], sizeof(passwd)) >=
-				    sizeof(passwd))
-					errx(1, "Password too long");
+				if (strncpy(passwd, optarg, sizeof(passwd)) == NULL)
+						errx(1, "Password too long");
 				pass = 1;
 				break;
+			case 't':
+				if (skey_set_algorithm(optarg) == NULL)
+					errx(1, "Unknown hash algorithm %s", optarg);
+				break;
 			case 'x':
 				hexmode = 1;
 				break;
 			default:
 				usage(argv[0]);
-			}
-		} else {
-			/* Multi character switches are hash types */
-			if (skey_set_algorithm(&argv[i][1]) == NULL) {
-				warnx("Unknown hash algorithm %s", &argv[i][1]);
-				usage(argv[0]);
-			}
+				break;
 		}
-		i++;
 	}
 
-	if (argc > i + 2)
-		usage(argv[0]);
-
-	/* Could be in the form <number>/<seed> */
-	if (argc <= i + 1) {
+	/* could be in the form <number>/<seed> */
+	if (argc <= optind + 1) {
 		/* look for / in it */
-		if (argc <= i)
+		if (argc <= optind)
 			usage(argv[0]);
-		slash = strchr(argv[i], '/');
+		slash = strchr(argv[optind], '/');
 		if (slash == NULL)
 			usage(argv[0]);
 		*slash++ = '\0';
 		seed = slash;
 
-		if ((n = atoi(argv[i])) < 0) {
-			warnx("%d not positive", n);
+		if ((n = atoi(argv[optind])) < 0) {
+			fprintf(stderr, "%s is not positive\n", argv[optind]);
 			usage(argv[0]);
 		} else if (n > SKEY_MAX_SEQ) {
 			warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
 			usage(argv[0]);
 		}
 	} else {
-		if ((n = atoi(argv[i])) < 0) {
-			warnx("%d not positive", n);
+		if ((n = atoi(argv[optind])) < 0) {
+			fprintf(stderr, "%s not positive\n", argv[optind]);
 			usage(argv[0]);
 		} else if (n > SKEY_MAX_SEQ) {
 			warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
 			usage(argv[0]);
 		}
-		seed = argv[++i];
+		seed = argv[++optind];
+	}
+
+	for (t = seed; *t; t++) {
+		if (!isalnum(*t))
+			errx(1, "seed must be alphanumeric");
 	}
 
+	if (!*seed || strlen(seed) > SKEY_MAX_SEED_LEN)
+		errx(1, "seed must be between 1 and %d long", SKEY_MAX_SEED_LEN);
+
 	/* Get user's secret password */
 	if (!pass) {
-		(void)fputs("Reminder - Do not use this program while logged in via telnet or rlogin.\n", stderr);
-		(void)fputs("Enter secret password: ", stderr);
+		fputs("Reminder - Do not use this program while "
+					"logged in via telnet or rlogin.\n", stderr);
+		fprintf(stderr, "Enter secret password: ");
 		readpass(passwd, sizeof(passwd));
 		if (passwd[0] == '\0') 
 			exit(1);
 	}
 
+	if (strlen(passwd) < SKEY_MIN_PW_LEN)
+		warnx(
+	"RFC2289 states that password should be at least %d characters long",
+	SKEY_MIN_PW_LEN);
+
 	/* Crunch seed and password into starting key */
 	if (keycrunch(key, seed, passwd) != 0)
 		errx(1, "key crunch failed");
@@ -138,16 +130,15 @@
 	if (cnt == 1) {
 		while (n-- != 0)
 			f(key);
-		(void)puts(hexmode ? put8(buf, key) : btoe(buf, key));
+			puts(hexmode ? put8(buf, key) : btoe(buf, key));
 	} else {
 		for (i = 0; i <= n - cnt; i++)
 			f(key);
 		for (; i <= n; i++) {
+			printf("%3d: %-29s", i, btoe(buf, key));
 			if (hexmode)
-				(void)printf("%d: %-29s  %s\n", i,
-				    btoe(buf, key), put8(buf, key));
-			else
-				(void)printf("%d: %-29s\n", i, btoe(buf, key));
+				printf("\t%s", put8(buf, key));
+			puts("");
 			f(key);
 		}
 	}
@@ -155,9 +146,10 @@
 }
 
 void
-usage(s)
-	char   *s;
+usage(char *s)
 {
-	(void)fprintf(stderr, "Usage: %s [-x] [-md4|-md5|-sha1|-rmd160] [-n count] [-p password] <sequence#>[/] key\n", s);
+	fprintf(stderr, 
+"Usage: %s [-n count] [-p password] [-t hash] [-x] sequence# [/] key\n",
+	s);
 	exit(1);
 }
diff -ruN skey-1.1.5.orig/skey.h skey-1.1.5/skey.h
--- skey-1.1.5.orig/skey.h	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skey.h	2003-11-06 17:46:45.000000000 +0000
@@ -1,3 +1,5 @@
+/*	$NetBSD: skey.h,v 1.8 2000/07/28 16:35:11 thorpej Exp $	*/
+
 /*
  * S/KEY v1.1b (skey.h)
  *
@@ -11,86 +13,86 @@
  *          Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Main client header
- *
- * $OpenBSD: skey.h,v 1.13 1999/07/15 14:33:48 provos Exp $
  */
 
 /* Server-side data structure for reading keys file during login */
-struct skey {
-	FILE *keyfile;
-	char buf[256];
-	char *logname;
-	int n;
-	char *seed;
-	char *val;
-	long recstart;		/* needed so reread of buffer is efficient */
+struct skey
+{
+  FILE *keyfile;
+  char buf[256];
+  char *logname;
+  int n;
+  char *seed;
+  char *val;
+  long recstart;		/* needed so reread of buffer is efficient */
 };
 
 /* Client-side structure for scanning data stream for challenge */
-struct mc {
-	char buf[256];
-	int skip;
-	int cnt;
+struct mc
+{
+  char buf[256];
+  int skip;
+  int cnt;
 };
 
 /* Maximum sequence number we allow */
 #ifndef SKEY_MAX_SEQ
-#define SKEY_MAX_SEQ		10000
+#define SKEY_MAX_SEQ           10000
 #endif
 
-/* Minimum secret password length (rfc1938) */
+/* Minimum secret password length (rfc2289) */
 #ifndef SKEY_MIN_PW_LEN
-#define SKEY_MIN_PW_LEN		10
+#define SKEY_MIN_PW_LEN                10
 #endif
 
-/* Max secret password length (rfc1938 says 63 but allows more) */
+/* Max secret password length (rfc2289 says 63 but allows more) */
 #ifndef SKEY_MAX_PW_LEN
-#define SKEY_MAX_PW_LEN		255
+#define SKEY_MAX_PW_LEN                255
 #endif
 
-/* Max length of an S/Key seed (rfc1938) */
+/* Max length of an S/Key seed (rfc2289) */
 #ifndef SKEY_MAX_SEED_LEN
-#define SKEY_MAX_SEED_LEN	16
+#define SKEY_MAX_SEED_LEN  	 16
 #endif
 
 /* Max length of S/Key challenge (otp-???? 9999 seed) */
 #ifndef SKEY_MAX_CHALLENGE
-#define SKEY_MAX_CHALLENGE	(11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
+#define SKEY_MAX_CHALLENGE 	 (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
 #endif
 
 /* Max length of hash algorithm name (md4/md5/sha1/rmd160) */
-#define SKEY_MAX_HASHNAME_LEN	6
+#define SKEY_MAX_HASHNAME_LEN  6
 
 /* Size of a binary key (not NULL-terminated) */
-#define SKEY_BINKEY_SIZE	8
+#define SKEY_BINKEY_SIZE		 8
 
 /* Location of random file for bogus challenges */
-#define _SKEY_RAND_FILE_PATH_	"/var/db/host.random"
+#define _SKEY_RAND_FILE_PATH_  "/var/db/host.random"
 
 /* Prototypes */
-void f(char *x);
-int keycrunch(char *result, char *seed, char *passwd);
-char *btoe(char *engout, char *c);
-char *put8(char *out, char *s);
-int etob(char *out, char *e);
-void rip(char *buf);
-int skeychallenge(struct skey * mp, char *name, char *ss);
-int skeylookup (struct skey * mp, char *name);
-int skeyverify (struct skey * mp, char *response);
-int skeyzero (struct skey * mp, char *response);
-void sevenbit (char *s);
-void backspace (char *s);
-char *skipspace (char *s);
-char *readpass (char *buf, int n);
-char *readskey (char *buf, int n);
-int skey_authenticate (char *username);
-int skey_passcheck (char *username, char *passwd);
-char *skey_keyinfo (char *username);
-int skey_haskey (char *username);
-int getskeyprompt (struct skey *mp, char *name, char *prompt);
-int atob8 (char *out, char *in);
-int btoa8 (char *out, char *in);
-int htoi (int c);
-const char *skey_get_algorithm (void);
-char *skey_set_algorithm (char *new);
-int skeygetnext (struct skey *mp);
+void f __P ((char *));
+int keycrunch __P ((char *, const char *, const char *));
+char *btoe __P ((char *, const char *));
+char *put8 __P ((char *, const char *));
+int etob __P ((char *, const char *));
+void rip __P ((char *));
+int skeychallenge __P ((struct skey *, const char *, char *, size_t));
+int skeylookup __P ((struct skey *, const char *));
+int skeyverify __P ((struct skey *, char *));
+void sevenbit __P ((char *));
+void backspace __P ((char *));
+const char *skipspace __P ((const char *));
+char *readpass __P ((char *, int));
+char *readskey __P ((char *, int));
+int skey_authenticate __P ((const char *));
+int skey_passcheck __P ((const char *, char *));
+const char *skey_keyinfo __P ((const char *));
+int skey_haskey __P ((const char *));
+int getskeyprompt __P ((struct skey *, char *, char *));
+int atob8 __P((char *, const char *));
+int btoa8 __P((char *, const char *));
+int htoi __P((int));
+const char *skey_get_algorithm __P((void));
+const char *skey_set_algorithm __P((const char *));
+int skeygetnext __P((struct skey *));
+int skeyzero __P((struct skey *, char *));
diff -ruN skey-1.1.5.orig/skeyinfo.1 skey-1.1.5/skeyinfo.1
--- skey-1.1.5.orig/skeyinfo.1	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinfo.1	2003-11-06 17:46:45.000000000 +0000
@@ -1,30 +1,19 @@
-.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $
+.\"	$NetBSD: skeyinfo.1,v 1.5 2001/04/09 12:34:44 wiz Exp $
 .\"
-.Dd 22 July 1997
+.Dd June 9, 1994
 .Dt SKEYINFO 1
 .Os
 .Sh NAME
 .Nm skeyinfo
 .Nd obtain the next S/Key challenge for a user
 .Sh SYNOPSIS
-.Nm skeyinfo
-.Op Fl v
+.Nm
 .Op Ar user
 .Sh DESCRIPTION
 .Nm
 prints out the next S/Key challenge for the specified user or for the
 current user if no user is specified.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl v
-Print the hash algorithm as well.
-.El
-.Sh EXAMPLES
-% skey -n <number of passwords to print> `skeyinfo` | lpr
-.Pp
-This would print out a list of S/Key passwords for use over
-an untrusted network (perhaps for use at a conference).
 .Sh SEE ALSO
 .Xr skey 1 ,
+.Xr skeyaudit 1 ,
 .Xr skeyinit 1
diff -ruN skey-1.1.5.orig/skeyinfo.c skey-1.1.5/skeyinfo.c
--- skey-1.1.5.orig/skeyinfo.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinfo.c	2003-11-06 17:46:45.000000000 +0000
@@ -1,9 +1,12 @@
-/*    $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $    */
+/*	$NetBSD: skeyinfo.c,v 1.4 2003/07/23 04:11:50 itojun Exp $	*/
 
-/*
- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+/*-
+ * Copyright (c) 1997 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Andrew Brown.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -12,104 +15,79 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the NetBSD
+ *	Foundation, Inc. and its contributors.
+ * 4. Neither the name of The NetBSD Foundation nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
  *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
-/*#include <limits.h>*/
-#include <pwd.h>
 #include <stdio.h>
-#include <stdlib.h>
+#include <pwd.h>
+#include <err.h>
 #include <string.h>
 #include <unistd.h>
-#include "config.h"
-#include "skey.h"
-/*#include "defines.h"*/
 
-char *__progname;
+#include "skey.h"
 
-void usage(void);
+int main __P((int, char *[]));
 
-int
-main(argc, argv)
-	int argc;
-	char **argv;
+int main(int argc, char **argv)
 {
-	struct passwd *pw;
-	struct skey key;
-	char *name = NULL;
-	int error, ch, verbose = 0;
-
- 	__progname=argv[0];
-
-	if (geteuid() != 0)
-		errx(1, "must be setuid root");
-
-	while ((ch = getopt(argc, argv, "v")) != -1)
-		switch(ch) {
-		case 'v':
-			verbose = 1;
-			break;
-		default:
-			usage();
+	struct skey     skey;
+	char            name[100], prompt[1024];
+	int             uid;
+	struct passwd  *pw = NULL;
+
+	argc--;
+	argv++;
+
+	if (geteuid())
+		errx(1, "must be root to read %s", SKEYKEYS);
+
+	uid = getuid();
+
+	if (!argc)
+		pw = getpwuid(uid);
+	else if (!uid)
+		pw = getpwnam(argv[0]);
+	else
+		errx(1, "permission denied to look other users skeys");
+
+	if (!pw) {
+		if (argc)
+			errx(1, "%s: no such user", argv[0]);
+		else
+			errx(1, "who are you?");
 	}
-	argc -= optind;
-	argv += optind;
 
-	if (argc == 1)
-		name = argv[0];
-	else if (argc > 1)
-		usage();
-
-	if (name && getuid() != 0)
-		errx(1, "only root may specify an alternate user");
-
-	if (name) {
-		if (strlen(name) > PASS_MAX)
-			errx(1, "username too long (%d chars max)", PASS_MAX);
-		if ((pw = getpwnam(name)) == NULL)
-			errx(1, "no passwd entry for %s", name);
-	} else {
-		if ((pw = getpwuid(getuid())) == NULL)
-			errx(1, "no passwd entry for uid %u", getuid());
-	}
+	strncpy(name, pw->pw_name, sizeof(name));
 
-	if ((name = strdup(pw->pw_name)) == NULL)
-		err(1, "cannot allocate memory");
-	sevenbit(name);
-
-	error = skeylookup(&key, name);
-	switch (error) {
-		case 0:		/* Success! */
-			if (verbose)
-				(void)printf("otp-%s ", skey_get_algorithm());
-			(void)printf("%d %s\n", key.n - 1, key.seed);
-			break;
-		case -1:	/* File error */
-			warnx("cannot open %s", SKEYKEYS);
-			break;
-		case 1:		/* Unknown user */
-			warnx("%s is not listed in %s", name, SKEYKEYS);
+	if (getskeyprompt(&skey, name, prompt) == -1) {
+		printf("%s %s no s/key\n",
+		       argc ? name : "You",
+		       argc ? "has" : "have");
 	}
-	(void)fclose(key.keyfile);
-
-	exit(error);
-}
-
-void
-usage()
-{
-	(void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname);
-	exit(1);
+	else {
+		if (argc)
+			printf("%s's ", pw->pw_name);
+		else
+			printf("Your ");
+		printf("next %s", prompt);
+	}
+	return 0;
 }
diff -ruN skey-1.1.5.orig/skeyinit.1 skey-1.1.5/skeyinit.1
--- skey-1.1.5.orig/skeyinit.1	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinit.1	2003-11-06 17:46:45.000000000 +0000
@@ -1,22 +1,18 @@
-.\"	$OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $
-.\"	$NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
+.\"	$NetBSD: skeyinit.1,v 1.11 2001/04/09 12:35:00 wiz Exp $
 .\"	@(#)skeyinit.1	1.1 	10/28/93
 .\"
-.Dd February 24, 1998
+.Dd June 7, 2000
 .Dt SKEYINIT 1
 .Os
 .Sh NAME
 .Nm skeyinit
 .Nd change password or add user to S/Key authentication system
 .Sh SYNOPSIS
-.Nm skeyinit
+.Nm
+.Op Fl n Ar count
 .Op Fl s
+.Op Fl t Ar hash
 .Op Fl z
-.Op Fl n Ar count
-.Oo
-.Fl md4 | Fl md5 | Fl sha1 |
-.Fl rmd160
-.Oc
 .Op Ar user
 .Sh DESCRIPTION
 .Nm
@@ -30,52 +26,17 @@
 .Nm
 requires you to type a secret password, so it should be used
 only on a secure terminal.
-For example, on the console of a
-workstation or over an encrypted network session.
-If you are using
-.Nm
-while logged in over an untrusted network, follow the instructions
-given below with the
-.Fl s
-option.
-.Pp
-Before initializing an S/Key entry, the user must authenticate
-using either a standard password or an S/Key challenge.
-When used over an untrusted network, a password of
-.Sq s/key
-should be used.
-The user will then be presented with the standard
-S/Key challenge and allowed to proceed if it is correct.
-.Pp
-The options are as follows:
+.Sh OPTIONS
 .Bl -tag -width Ds
-.It Fl x
-Displays pass phrase in hexadecimal instead of ASCII.
 .It Fl s
-Set secure mode where the user is expected to have used a secure
-machine to generate the first one-time password.
-Without the
-.Fl s
-option the system will assume you are directly connected over secure
-communications and prompt you for your secret password.
-The
-.Fl s
-option also allows one to set the seed and count for complete
-control of the parameters.
-You can use
-.Ic skeyinit -s
-in combination with the
-.Nm skey
-command to set the seed and count if you do not like the defaults.
-To do this run
-.Nm
-in one window and put in your count and seed, then run
-.Nm skey
-in another window to generate the correct 6 English words for that
-count and seed.
-You can then "cut-and-paste" or type the words into the
-.Nm
-window.
+allows the user to set the seed and count for complete control
+of the parameters.
+To do this run skeyinit in one window and put in your count and seed;
+then run
+.Xr skey 1
+in another window to generate the correct 6 english words
+for that count and seed.
+You can then "cut-and-paste" or type the words into the skeyinit window.
 .It Fl z
 Allows the user to zero their S/Key entry.
 .It Fl n Ar count
@@ -84,30 +45,22 @@
 sequence at
 .Ar count
 (default is 100).
-.It Fl md4
-Selects MD4 as the hash algorithm.
-.It Fl md5
-Selects MD5 as the hash algorithm.
-.It Fl sha1
-Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
-.It Fl rmd160
-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
+.It Fl t Ar hash
+Selects the hash algorithm to use.
+Available choices are md4 (the default), md5 or sha1.
 .It Ar user
 The username to be changed/added.
-By default the current user is operated on.
+By default the current user is operated on, only root may
+change other user's entries.
 .El
-.Sh ERRORS
-.Bl -tag -width "skey disabled"
-.It skey disabled
-.Pa /etc/skeykeys
-does not exist.
-It must be created by the superuser in order to use
-.Nm skeyinit .
 .Sh FILES
-.Bl -tag -width /etc/skeykeys
-.It Pa /etc/skeykeys
-database of information for S/Key system
+.Bl -tag -width /etc/skey/skeykeys
+.It Pa /etc/skey/skeykeys
+data base of information for S/Key system.
+.El
 .Sh SEE ALSO
-.Xr skey 1
+.Xr skey 1 ,
+.Xr skeyaudit 1 ,
+.Xr skeyinfo 1
 .Sh AUTHORS
 Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
diff -ruN skey-1.1.5.orig/skeyinit.c skey-1.1.5/skeyinit.c
--- skey-1.1.5.orig/skeyinit.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinit.c	2003-11-06 17:46:45.000000000 +0000
@@ -43,6 +43,18 @@
 
 #include <netdb.h>
 
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+#ifdef HAVE_CRACK_H
+#include <crack.h>
+#ifndef CRACKLIB_DICTPATH
+#define CRACKLIB_DICTPATH "/usr/lib/cracklib_dict"
+#endif
+#endif
+
+#include "err.h"
 #include "skey.h"
 
 
@@ -50,62 +62,80 @@
 #define SKEY_NAMELEN    4
 #endif
 
-void	usage __P((char *));
+int	main __P((int, char **));
 
-int
-main(argc, argv)
-	int     argc;
-	char   *argv[];
+int main(int argc, char **argv)
 {
-	int     rval, nn, i, l, n=0, defaultsetup=1, zerokey=0, hexmode=0;
+	int     rval, nn, i, l, n=0, defaultsetup=1, c, zerokey=0, hexmode=0;
 	time_t  now;
-	struct utmp old_ut;
-
-#ifndef UT_LINESIZE
-#  define UT_LINESIZE (sizeof(old_ut.ut_line))
-#  define UT_NAMESIZE (sizeof(old_ut.ut_name))
-#  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
-# endif
-
-	char	hostname[MAXHOSTNAMELEN];
+	char	hostname[MAXHOSTNAMELEN+1];
+	char	seed[SKEY_MAX_PW_LEN+2], key[SKEY_BINKEY_SIZE];
+	char	defaultseed[SKEY_MAX_SEED_LEN+1];
 	char    passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2];
-	char	seed[SKEY_MAX_SEED_LEN+2], defaultseed[SKEY_MAX_SEED_LEN+1];
-	char    tbuf[27], buf[80], key[SKEY_BINKEY_SIZE];
-	char    lastc, me[UT_NAMESIZE+1], *salt, *p, *pw, *ht=NULL;
-	struct skey skey;
-	struct passwd *pp;
-	struct tm *tm;
+	char    tbuf[27], buf[80];
+	char    lastc, me[LOGIN_NAME_MAX+1], *p, *pw, *ht=NULL, *msg;
+	const 	char *salt;
+	struct	skey skey;
+	struct	passwd *pp;
+	struct	tm *tm;
+#ifdef HAVE_SHADOW_H
+	struct	spwd *sp;
+#endif
+
+	i = open(_PATH_DEVNULL, O_RDWR);
+	while (i >= 0 && i < 2)
+		i = dup(i);
+	if (i > 2)
+		close(i);
 
 	if (geteuid() != 0)
 		errx(1, "must be setuid root.");
 
 	if (gethostname(hostname, sizeof(hostname)) < 0)
-		err(1, "gethostname");
-	for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) {
-		if (isalpha(hostname[i])) {
-			if (isupper(hostname[i]))
-				hostname[i] = tolower(hostname[i]);
-			*p++ = hostname[i];
-		} else if (isdigit(hostname[i]))
-			*p++ = hostname[i];
+		err(1, "gethostname() error");
+
+	for (i = 0, l = 0; l < sizeof(defaultseed); i++) {
+		if (hostname[i] == '\0') {
+			defaultseed[l] = hostname[i];
+			break;
+		}
+		if (isalnum(hostname[i]))
+			defaultseed[l++] = hostname[i];
 	}
-	*p = '\0';
-	(void)time(&now);
-	(void)sprintf(tbuf, "%05ld", (long) (now % 100000));
-	(void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
+
+	defaultseed[SKEY_NAMELEN] = '\0';
+	time(&now);
+	snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000));
+	strncat(defaultseed, tbuf, sizeof(defaultseed));
 
 	if ((pp = getpwuid(getuid())) == NULL)
-		err(1, "no user with uid %d", getuid());
-	(void)strcpy(me, pp->pw_name);
+		err(1, "no user with uid %ld", (u_long)getuid());
+	strncpy(me, pp->pw_name, sizeof(me));
 
 	if ((pp = getpwnam(me)) == NULL)
-		err(1, "Who are you?");
+		err(1, "getpwnam() returned NULL, Who are you?");
+#ifdef HAVE_SHADOW_H
+	/* hacking in shadow support... */
+	else if (strcmp(pp->pw_passwd, "x") == 0) {
+		if ((sp = getspnam(me)) == NULL)
+		      err(1, "Unable to verify Password");
+		pp->pw_passwd = sp->sp_pwdp;
+	}
+#endif
 	salt = pp->pw_passwd;
 
-	for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
-		if (argv[i][2] == '\0') {
-			/* Single character switch */
-			switch (argv[i][1]) {
+	while((c = getopt(argc, argv, "n:t:sxz")) != -1) {
+		switch(c) {
+			case 'n':
+				n = atoi(optarg);
+				if (n < 1 || n > SKEY_MAX_SEQ)
+					errx(1, "count must be between 1 and %d", SKEY_MAX_SEQ);
+				break;
+			case 't':
+				if(skey_set_algorithm(optarg) == NULL)
+					errx(1, "Unknown hash algorithm %s", optarg);
+				ht = optarg;
+				break;
 			case 's':
 				defaultsetup = 0;
 				break;
@@ -115,105 +145,51 @@
 			case 'z':
 				zerokey = 1;
 				break;
-			case 'n':
-				if (argv[++i] == NULL || argv[i][0] == '\0')
-					usage(argv[0]);
-				if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ)
-					errx(1, "count must be > 0 and < %d",
-					     SKEY_MAX_SEQ);
-				break;
 			default:
-				usage(argv[0]);
-			}
-		} else {
-			/* Multi character switches are hash types */
-			if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) {
-				warnx("Unknown hash algorithm %s", &argv[i][1]);
-				usage(argv[0]);
+				errx(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]", argv[0]);
 			}
 		}
-		i++;
-	}
+		
+		if (argc > optind) {
+			pp = getpwnam(argv[optind]);
+			if (pp == NULL)
+				errx(1, "User %s unknown", argv[optind]);
+		}
 
-	/* check for optional user string */
-	if (argc - i  > 1) {
-		usage(argv[0]);
-	} else if (argv[i]) {
-		if ((pp = getpwnam(argv[i])) == NULL) {
-			if (getuid() == 0) {
-				static struct passwd _pp;
-
-				_pp.pw_name = argv[i];
-				pp = &_pp;
-				warnx("Warning, user unknown: %s", argv[i]);
-			} else {
-				errx(1, "User unknown: %s", argv[i]);
-			}
-		} else if (strcmp(pp->pw_name, me) != 0) {
+		if (strcmp(pp->pw_name, me) != 0) {
 			if (getuid() != 0) {
 				/* Only root can change other's passwds */
 				errx(1, "Permission denied.");
 			}
 		}
-	}
 
 	if (getuid() != 0) {
-		pw = getpass("Password (or `s/key'):");
-		if (strcasecmp(pw, "s/key") == 0) {
-			if (skey_haskey(me))
-				exit(1);
-			if (skey_authenticate(me))
-				errx(1, "Password incorrect.");
-		} else {
-			p = crypt(pw, salt);
-			if (strcmp(p, pp->pw_passwd))
-				errx(1, "Password incorrect.");
-		}
+		pw = getpass("Password: ");
+		p = crypt(pw, salt);
+		if (strcmp(p, pp->pw_passwd))
+			errx(1, "Password incorrect.");
 	}
 
 	rval = skeylookup(&skey, pp->pw_name);
 	switch (rval) {
 		case -1:
-			if (errno == ENOENT)
-				errx(1, "S/Key disabled");
-			else
-				err(1, "cannot open database");
-			break;
+			err(1, "cannot open database");
 		case 0:
-			/* comment out user if asked to */
 			if (zerokey)
-				exit(skeyzero(&skey, pp->pw_name));
+				exit (skeyzero(&skey, pp->pw_name));
+			printf("[Updating %s]\n", pp->pw_name);
+			printf("Old key: [%s] %s\n", skey_get_algorithm(), skey.seed);
 
-			(void)printf("[Updating %s]\n", pp->pw_name);
-			(void)printf("Old key: [%s] %s\n", skey_get_algorithm(),
-				     skey.seed);
-
-			/*
-			 * Sanity check old seed.
-			 */
 			l = strlen(skey.seed);
-			for (p = skey.seed; *p; p++) {
-				if (isalpha(*p)) {
-					if (isupper(*p))
-						*p = tolower(*p);
-				} else if (!isdigit(*p)) {
-					memmove(p, p + 1, l - (p - skey.seed));
-					l--;
-				}
-			}
-
-			/*
-			 * Let's be nice if they have an skey.seed that
-			 * ends in 0-8 just add one
-			 */
 			if (l > 0) {
 				lastc = skey.seed[l - 1];
-				if (isdigit(lastc) && lastc != '9') {
-					(void)strcpy(defaultseed, skey.seed);
+				if (isdigit((unsigned char)lastc) && lastc != '9') {
+					strncpy(defaultseed, skey.seed, sizeof(defaultseed));
 					defaultseed[l - 1] = lastc + 1;
 				}
-				if (isdigit(lastc) && lastc == '9' && l < 16) {
-					(void)strcpy(defaultseed, skey.seed);
+				if (isdigit((unsigned char)lastc) && lastc == '9' && 
+					l < 16) {
+					strncpy(defaultseed, skey.seed, sizeof(defaultseed));
 					defaultseed[l - 1] = '0';
 					defaultseed[l] = '0';
 					defaultseed[l + 1] = '\0';
@@ -223,7 +199,7 @@
 		case 1:
 			if (zerokey)
 				errx(1, "You have no entry to zero.");
-			(void)printf("[Adding %s]\n", pp->pw_name);
+			printf("[Adding %s]\n", pp->pw_name);
 			break;
 	}
 	if (n == 0)
@@ -237,37 +213,33 @@
 	}
 
 	if (!defaultsetup) {
-		(void)printf("You need the 6 english words generated from the \"skey\" command.\n");
+		printf("You need the 6 english words generated from the \"skey\" command.\n");
 		for (i = 0; ; i++) {
 			if (i >= 2)
 				exit(1);
 
-			(void)printf("Enter sequence count from 1 to %d: ",
-				     SKEY_MAX_SEQ);
-			(void)fgets(buf, sizeof(buf), stdin);
+			printf("Enter sequence count from 1 to %d: ", SKEY_MAX_SEQ);
+			fgets(buf, sizeof(buf), stdin);
 			n = atoi(buf);
 			if (n > 0 && n < SKEY_MAX_SEQ)
 				break;	/* Valid range */
-			(void)printf("Error: Count must be > 0 and < %d\n",
-				     SKEY_MAX_SEQ);
+			printf("\nError: Count must be between 0 and %d\n", SKEY_MAX_SEQ);
 		}
 
 		for (i = 0;; i++) {
 			if (i >= 2)
 				exit(1);
 
-			(void)printf("Enter new key [default %s]: ",
-				     defaultseed);
-			(void)fgets(seed, sizeof(seed), stdin);
+			printf("Enter new seed [default %s]: ", defaultseed);
+			fflush(stdout);
+			fgets(seed, sizeof(seed), stdin);
 			rip(seed);
-			if (seed[0] == '\0')
-				(void)strcpy(seed, defaultseed);
 			for (p = seed; *p; p++) {
 				if (isalpha(*p)) {
 					if (isupper(*p))
 						*p = tolower(*p);
 				} else if (!isdigit(*p)) {
-					(void)puts("Error: seed may only contain alpha numeric characters");
+					puts("Error: seed may only contain alpha numeric characters");
 					break;
 				}
 			}
@@ -275,66 +247,75 @@
 				break;  /* Valid seed */
 		}
 		if (strlen(seed) > SKEY_MAX_SEED_LEN) {
-			(void)printf("Notice: Seed truncated to %d characters.\n",
-				     SKEY_MAX_SEED_LEN);
+			printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN);
 			seed[SKEY_MAX_SEED_LEN] = '\0';
 		} 
+		if (seed[0] == '\0')
+			strncpy(seed, defaultseed, sizeof(seed));
 
 		for (i = 0;; i++) {
 			if (i >= 2)
 				exit(1);
 
-			(void)printf("otp-%s %d %s\nS/Key access password: ",
+			printf("otp-%s %d %s\ns/key access password: ",
 				     skey_get_algorithm(), n, seed);
-			(void)fgets(buf, sizeof(buf), stdin);
+			fgets(buf, sizeof(buf), stdin);
 			rip(buf);
 			backspace(buf);
 
 			if (buf[0] == '?') {
-				(void)puts("Enter 6 English words from secure S/Key calculation.");
+				puts("Enter 6 English words from secure s/key calculation.");
 				continue;
 			} else if (buf[0] == '\0')
 				exit(1);
 			if (etob(key, buf) == 1 || atob8(key, buf) == 0)
 				break;	/* Valid format */
-			(void)puts("Invalid format - try again with 6 English words.");
+			puts("Invalid format - try again with 6 English words.");
 		}
 	} else {
 		/* Get user's secret password */
-		fputs("Reminder - Only use this method if you are directly connected\n           or have an encrypted channel.  If you are using telnet\n           or rlogin, exit with no password and use skeyinit -s.\n", stderr);
+		puts("Reminder - Only use this method if you are directly connected\n"
+			"or have an encrypted channel.  If you are using telnet\n"
+			"or rlogin, exit with no password and use skeyinit -s.\n");
 
 		for (i = 0;; i++) {
-			if (i > 2)
+			if (i >= 3)
 				exit(1);
 
-			(void)fputs("Enter secret password: ", stderr);
+			printf("Enter secret password: ");
 			readpass(passwd, sizeof(passwd));
 			if (passwd[0] == '\0')
 				exit(1);
 
 			if (strlen(passwd) < SKEY_MIN_PW_LEN) {
-				(void)fprintf(stderr,
-				    "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
+				fprintf(stderr,
+	"Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
 				continue;
 			} else if (strcmp(passwd, pp->pw_name) == 0) {
-				(void)fputs("Your password may not be the same as your user name.\n", stderr);
-				continue;
-			} else if (strspn(passwd, "abcdefghijklmnopqrstuvwxyz") == strlen(passwd)) {
-				(void)fputs("Your password must contain more than just lower case letters.\nWhitespace, numbers, and puctuation are suggested.\n", stderr);
+				fputs("Your password may not be the same as your user name.\n", stderr);
 				continue;
+			} 
+#ifdef HAVE_CRACK_H
+			if (msg = (char *) FascistCheck(passwd, CRACKLIB_DICTPATH)) {
+				warnx("Warning: %s", msg);
+				/* if (!i) */ /* reject passwords cracklib doesnt like the first time its entered... */
+				/*	continue; */
 			}
+#endif
 
-			(void)fputs("Again secret password: ", stderr);
+			printf("Again secret password: ");
 			readpass(passwd2, sizeof(passwd));
+			if (passwd2[0] == '\0')
+				exit(1);
 
 			if (strcmp(passwd, passwd2) == 0)
 				break;
 
-			(void)fputs("Passwords do not match.\n", stderr);
+			puts("Passwords do not match.");
 		}
 
 		/* Crunch seed and password into starting key */
-		(void)strcpy(seed, defaultseed);
+		strncpy(seed, defaultseed, sizeof(seed));
 		if (keycrunch(key, seed, passwd) != 0)
 			err(2, "key crunch failed");
 
@@ -342,16 +323,16 @@
 		while (nn-- != 0)
 			f(key);
 	}
-	(void)time(&now);
+	time(&now);
 	tm = localtime(&now);
-	(void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+	strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
 
 	if ((skey.val = (char *)malloc(16 + 1)) == NULL)
 		err(1, "Can't allocate memory");
 
-	/* Zero out old key if necesary (entry would change size) */
+	/* Zero out old key if necessary (entry would change size) */
 	if (zerokey) {
-		(void)skeyzero(&skey, pp->pw_name);
+		skeyzero(&skey, pp->pw_name);
 		/* Re-open keys file and seek to the end */
 		if (skeylookup(&skey, pp->pw_name) == -1)
 			err(1, "cannot open database");
@@ -376,26 +357,17 @@
 
 	/* Don't save algorithm type for md4 (keep record length same) */
 	if (strcmp(skey_get_algorithm(), "md4") == 0)
-		(void)fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
+		fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
 		    pp->pw_name, n, seed, skey.val, tbuf);
 	else
-		(void)fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
+		fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
 		    pp->pw_name, skey_get_algorithm(), n, seed, skey.val, tbuf);
 
-	(void)fclose(skey.keyfile);
+	fclose(skey.keyfile);
 
-	(void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
+	printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
 		     skey_get_algorithm(), n, seed);
-	(void)printf("Next login password: %s\n\n",
+	printf("Next login password: %s\n\n",
 		     hexmode ? put8(buf, key) : btoe(buf, key));
-	exit(0);
-}
-
-void
-usage(s)
-	char *s;
-{
-	(void)fprintf(stderr,
-		"Usage: %s [-s] [-x] [-z] [-n count] [-md4|-md5|-sha1|-rmd160] [user]\n", s);
-	exit(1);
+	return 0;
 }
diff -ruN skey-1.1.5.orig/skeylogin.c skey-1.1.5/skeylogin.c
--- skey-1.1.5.orig/skeylogin.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeylogin.c	2003-11-06 17:46:45.000000000 +0000
@@ -20,6 +20,7 @@
 #include <sys/quota.h>
 #endif
 #include <sys/stat.h>
+#include <sys/file.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/types.h>
@@ -32,6 +33,7 @@
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
+#include <grp.h>
 
 #include "config.h"
 
@@ -45,73 +47,85 @@
 #include "sha1.h"
 #endif
 
+#include "err.h"
 #include "skey.h"
 
-char *skipspace __P((char *));
-int skeylookup __P((struct skey *, char *));
+#define OTP_FMT "otp-%.*s %d %.*s"
 
 /* Issue a skey challenge for user 'name'. If successful,
- * fill in the caller's skey structure and return(0). If unsuccessful
- * (e.g., if name is unknown) return(-1).
+ * fill in the caller's skey structure and return 0. If unsuccessful
+ * (e.g., if name is unknown) return -1.
  *
  * The file read/write pointer is left at the start of the
  * record.
  */
-int
-getskeyprompt(mp, name, prompt)
-	struct skey *mp;
-	char *name;
-	char *prompt;
+int getskeyprompt(struct skey *mp, char *name, char *prompt)
 {
 	int rval;
 
 	sevenbit(name);
 	rval = skeylookup(mp, name);
-	(void)strcpy(prompt, "otp-md0 55 latour1\n");
+
+	*prompt = '\0';
 	switch (rval) {
-	case -1:	/* File error */
-		return(-1);
-	case 0:		/* Lookup succeeded, return challenge */
-		(void)sprintf(prompt, "otp-%.*s %d %.*s\n",
-			      SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
+		case -1:	/* File error */
+			return -1;
+		case 0:		/* Lookup succeeded, return challenge */
+			sprintf(prompt, OTP_FMT "\n",
+				SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
 			      mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed);
-		return(0);
-	case 1:		/* User not found */
-		(void)fclose(mp->keyfile);
-		return(-1);
+			return 0;
+		case 1:		/* User not found */
+			fclose(mp->keyfile);
+			mp->keyfile = NULL;
+			return -1;
 	}
-	return(-1);	/* Can't happen */
+	return -1;	/* Can't happen, never ever ever. ever. I'm serious. */
 }
 
 /* Return  a skey challenge string for user 'name'. If successful,
- * fill in the caller's skey structure and return(0). If unsuccessful
- * (e.g., if name is unknown) return(-1).
+ * fill in the caller's skey structure and return 0. If unsuccessful
+ * (e.g., if name is unknown) return -1.
  *
  * The file read/write pointer is left at the start of the
  * record.
  */
-int
-skeychallenge(mp, name, ss)
-	struct skey *mp;
-	char *name;
-	char *ss;
+int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen)
 {
 	int rval;
 
 	rval = skeylookup(mp,name);
+	*ss = '\0';
 	switch(rval){
-	case -1:	/* File error */
-		return(-1);
-	case 0:		/* Lookup succeeded, issue challenge */
-		(void)sprintf(ss, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN,
+		case -1:	/* File error */
+			return -1;
+		case 0:		/* Lookup succeeded, issue challenge */
+			snprintf(ss, sslen, OTP_FMT, SKEY_MAX_HASHNAME_LEN,
 			      skey_get_algorithm(), mp->n - 1,
 			      SKEY_MAX_SEED_LEN, mp->seed);
-		return(0);
-	case 1:		/* User not found */
-		(void)fclose(mp->keyfile);
-		return(-1);
+			return 0;
+		case 1:		/* User not found */
+			fclose(mp->keyfile);
+			mp->keyfile = NULL;
+			return -1;
+	}
+	return -1;	/* Can't happen - or your money back */
+}
+
+static FILE *openskey(void)
+{
+	struct stat statbuf;
+	FILE *keyfile = NULL;
+
+	if (stat(SKEYKEYS, &statbuf) == 0 &&
+		(keyfile = fopen(SKEYKEYS, "r+"))) {
+			if ((statbuf.st_mode & 0007777) != 0600)
+				fchmod(fileno(keyfile), 0600);
+	} else {
+		keyfile = NULL;
 	}
-	return(-1);	/* Can't happen */
+
+	return keyfile;
 }
 
 /* Find an entry in the One-time Password database.
@@ -120,27 +134,19 @@
  *  0: entry found, file R/W pointer positioned at beginning of record
  *  1: entry not found, file R/W pointer positioned at EOF
  */
-int
-skeylookup(mp, name)
-	struct skey *mp;
-	char *name;
+int skeylookup(struct skey *mp, const char *name)
 {
 	int found = 0;
 	long recstart = 0;
-	char *cp, *ht = NULL;
-	struct stat statbuf;
-
-	/* Open SKEYKEYS if it exists, else return an error */
-	if (stat(SKEYKEYS, &statbuf) == 0 &&
-	    (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
-		if ((statbuf.st_mode & 0007777) != 0600)
-			fchmod(fileno(mp->keyfile), 0600);
-	} else {
-		return(-1);
-	}
+	const char *ht = NULL;
+	char *last;
 
+	if(!(mp->keyfile = openskey()))
+		return -1;
+	
 	/* Look up user name in database */
 	while (!feof(mp->keyfile)) {
+		char *cp;
 		recstart = ftell(mp->keyfile);
 		mp->recstart = recstart;
 		if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
@@ -148,22 +154,22 @@
 		rip(mp->buf);
 		if (mp->buf[0] == '#')
 			continue;	/* Comment */
-		if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
+		if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
 			continue;
-		if ((cp = strtok(NULL, " \t")) == NULL)
+		if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
 		/* Save hash type if specified, else use md4 */
-		if (isalpha(*cp)) {
+		if (isalpha((u_char) *cp)) {
 			ht = cp;
-			if ((cp = strtok(NULL, " \t")) == NULL)
+			if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
 				continue;
 		} else {
 			ht = "md4";
 		}
 		mp->n = atoi(cp);
-		if ((mp->seed = strtok(NULL, " \t")) == NULL)
+		if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
-		if ((mp->val = strtok(NULL, " \t")) == NULL)
+		if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
 		if (strcmp(mp->logname, name) == 0) {
 			found = 1;
@@ -171,7 +177,7 @@
 		}
 	}
 	if (found) {
-		(void)fseek(mp->keyfile, recstart, SEEK_SET);
+		fseek(mp->keyfile, recstart, SEEK_SET);
 		/* Set hash type */
 		if (ht && skey_set_algorithm(ht) == NULL) {
 			warnx("Unknown hash algorithm %s, using %s", ht,
@@ -189,27 +195,21 @@
  *  0: next entry found and stored in mp
  *  1: no more entries, file R/W pointer positioned at EOF
  */
-int
-skeygetnext(mp)
-	struct skey *mp;
+int skeygetnext(struct skey *mp)
 {
 	long recstart = 0;
-	char *cp;
-	struct stat statbuf;
+	char *last;
 
 	/* Open SKEYKEYS if it exists, else return an error */
 	if (mp->keyfile == NULL) {
-		if (stat(SKEYKEYS, &statbuf) == 0 &&
-		    (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
-			if ((statbuf.st_mode & 0007777) != 0600)
-				fchmod(fileno(mp->keyfile), 0600);
-		} else {
-			return(-1);
-		}
+		if(!(mp->keyfile = openskey()))
+			return -1;
 	}
 
 	/* Look up next user in database */
 	while (!feof(mp->keyfile)) {
+		char *cp;
+
 		recstart = ftell(mp->keyfile);
 		mp->recstart = recstart;
 		if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
@@ -217,19 +217,19 @@
 		rip(mp->buf);
 		if (mp->buf[0] == '#')
 			continue;	/* Comment */
-		if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
+		if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
 			continue;
-		if ((cp = strtok(NULL, " \t")) == NULL)
+		if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
 		/* Save hash type if specified, else use md4 */
-		if (isalpha(*cp)) {
-			if ((cp = strtok(NULL, " \t")) == NULL)
+		if (isalpha((u_char) *cp)) {
+			if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
 				continue;
 		}
 		mp->n = atoi(cp);
-		if ((mp->seed = strtok(NULL, " \t")) == NULL)
+		if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
-		if ((mp->val = strtok(NULL, " \t")) == NULL)
+		if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
 		/* Got a real entry */
 		break;
@@ -246,10 +246,7 @@
  *
  * The database file is always closed by this call.
  */
-int
-skeyverify(mp, response)
-	struct skey *mp;
-	char *response;
+int skeyverify(struct skey *mp, char *response)
 {
 	char key[SKEY_BINKEY_SIZE];
 	char fkey[SKEY_BINKEY_SIZE];
@@ -257,29 +254,31 @@
 	time_t now;
 	struct tm *tm;
 	char tbuf[27];
-	char *cp;
+	char *cp, *last;
 	int i, rval;
 
 	time(&now);
 	tm = localtime(&now);
-	(void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+	strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
 
 	if (response == NULL) {
-		(void)fclose(mp->keyfile);
-		return(-1);
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return -1;
 	}
 	rip(response);
 
 	/* Convert response to binary */
 	if (etob(key, response) != 1 && atob8(key, response) != 0) {
 		/* Neither english words or ascii hex */
-		(void)fclose(mp->keyfile);
-		return(-1);
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return -1;
 	}
 
 	/* Compute fkey = f(key) */
-	(void)memcpy(fkey, key, sizeof(key));
-        (void)fflush(stdout);
+	memcpy(fkey, key, sizeof(key));
+    fflush(stdout);
 	f(fkey);
 
 	/*
@@ -298,26 +297,33 @@
 	}
 
 	/* Reread the file record NOW */
-	(void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
+	fseek(mp->keyfile, mp->recstart, SEEK_SET);
 	if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) {
-		(void)fclose(mp->keyfile);
-		return(-1);
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return -1;
 	}
 	rip(mp->buf);
-	mp->logname = strtok(mp->buf, " \t");
-	cp = strtok(NULL, " \t") ;
-	if (isalpha(*cp))
-		cp = strtok(NULL, " \t") ;
-	mp->seed = strtok(NULL, " \t");
-	mp->val = strtok(NULL, " \t");
+	if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
+		goto verify_failure;
+	if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+		goto verify_failure;
+	if (isalpha((u_char) *cp))
+		if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+			goto verify_failure;
+	if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
+		goto verify_failure;
+	if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
+		goto verify_failure;
 	/* And convert file value to hex for comparison */
 	atob8(filekey, mp->val);
 
 	/* Do actual comparison */
 	if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0){
 		/* Wrong response */
-		(void)fclose(mp->keyfile);
-		return(1);
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return 1;
 	}
 
 	/*
@@ -327,19 +333,24 @@
 	 */
 	btoa8(mp->val,key);
 	mp->n--;
-	(void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
+	fseek(mp->keyfile, mp->recstart, SEEK_SET);
 	/* Don't save algorithm type for md4 (keep record length same) */
 	if (strcmp(skey_get_algorithm(), "md4") == 0)
-		(void)fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
+		fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
 			      mp->logname, mp->n, mp->seed, mp->val, tbuf);
 	else
-		(void)fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
+		fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
 			      mp->logname, skey_get_algorithm(), mp->n,
 			      mp->seed, mp->val, tbuf);
 
-	(void)fclose(mp->keyfile);
-	
-	return(0);
+	fclose(mp->keyfile);
+	mp->keyfile = NULL;
+	return 0;
+
+	verify_failure:
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return -1;
 }
 
 /*
@@ -348,13 +359,18 @@
  * Returns: 1 user doesnt exist, -1 fle error, 0 user exists.
  *
  */
-int
-skey_haskey(username)
-	char *username;
+int skey_haskey(const char *username)
 {
 	struct skey skey;
+	int i;
+
+	i = skeylookup(&skey, username);
  
-	return(skeylookup(&skey, username));
+ 	if (skey.keyfile != NULL) {
+		fclose(skey.keyfile);
+		skey.keyfile = NULL;
+	}
+	return i;
 }
  
 /*
@@ -364,19 +380,21 @@
  * seed for the passed user.
  *
  */
-char *
-skey_keyinfo(username)
-	char *username;
+const char *skey_keyinfo(const char *username)
 {
 	int i;
 	static char str[SKEY_MAX_CHALLENGE];
 	struct skey skey;
 
-	i = skeychallenge(&skey, username, str);
+	i = skeychallenge(&skey, username, str, sizeof str);
 	if (i == -1)
-		return(0);
+		return 0;
 
-	return(str);
+	if (skey.keyfile != NULL) {
+		fclose(skey.keyfile);
+		skey.keyfile = NULL;
+	}
+	return str;
 }
  
 /*
@@ -388,40 +406,38 @@
  * Returns: 0 success, -1 failure
  *
  */
-int
-skey_passcheck(username, passwd)
-	char *username, *passwd;
+int skey_passcheck(const char *username, char *passwd)
 {
 	int i;
 	struct skey skey;
 
 	i = skeylookup(&skey, username);
 	if (i == -1 || i == 1)
-		return(-1);
+		return -1;
 
 	if (skeyverify(&skey, passwd) == 0)
-		return(skey.n);
+		return skey.n;
 
-	return(-1);
+	return -1;
 }
 
+#if DO_FAKE_CHALLENGE
 #define ROUND(x)   (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
 		    ((x)[3]))
 
 /*
  * hash_collapse()
  */
-static u_int32_t
-hash_collapse(s)
-        u_char *s;
+static u_int32_t hash_collapse(u_char *s)
 {
-        int len, target;
+    int len, target, slen;
 	u_int32_t i;
-	
-	if ((strlen(s) % sizeof(u_int32_t)) == 0)
-  		target = strlen(s);    /* Multiple of 4 */
+
+	slen = strlen((char *)s);
+	if ((slen % sizeof(u_int32_t)) == 0)
+  		target = slen;    /* Multiple of 4 */
 	else
-		target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
+		target = slen - slen % sizeof(u_int32_t);
   
 	for (i = 0, len = 0; len < target; len += 4)
         	i ^= ROUND(s + len);
@@ -429,6 +445,8 @@
 	return i;
 }
 
+#endif 
+
 /*
  * skey_authenticate()
  *
@@ -438,22 +456,22 @@
  * Returns: 0 success, -1 failure
  *
  */
-int
-skey_authenticate(username)
-	char *username;
+int skey_authenticate(const char *username)
 {
 	int i;
+	char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
+	struct skey skey;
+#if DO_FAKE_CHALLENGE
 	u_int ptr;
 	u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
-	char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
-	char *secret;
 	size_t secretlen;
-	struct skey skey;
 	SHA1_CTX ctx;
-	
+#endif
+
 	/* Attempt an S/Key challenge */
-	i = skeychallenge(&skey, username, skeyprompt);
+	i = skeychallenge(&skey, username, skeyprompt, sizeof skeyprompt);
 
+#if DO_FAKE_CHALLENGE
 	/* Cons up a fake prompt if no entry in keys file */
 	if (i != 0) {
 		char *p, *u;
@@ -465,11 +483,11 @@
 		if (gethostname(pbuf, sizeof(pbuf)) == -1)
 			*(p = pbuf) = '.';
 		else
-			for (p = pbuf; *p && isalnum(*p); p++)
-				if (isalpha(*p) && isupper(*p))
-					*p = tolower(*p);
+			for (p = pbuf; *p && isalnum((u_char)*p); p++)
+				if (isalpha((u_char)*p) && isupper((u_char)*p))
+					*p = tolower((u_char)*p);
 		if (*p && pbuf - p < 4)
-			(void)strncpy(p, "asjd", 4 - (pbuf - p));
+			strncpy(p, "asjd", 4 - (pbuf - p));
 		pbuf[4] = '\0';
 
 		/* Hash the username if possible */
@@ -490,6 +508,7 @@
 			    SEEK_SET) != -1 && read(fd, hseed,
 			    SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
 				close(fd);
+				fd = -1;
 				secret = hseed;
 				secretlen = SKEY_MAX_SEED_LEN;
 				flg = 0;
@@ -499,6 +518,8 @@
 				secretlen = strlen(secret);
 				flg = 0;
 			}
+			if (fd != -1)
+				close(fd);
 		}
 
 		/* Put that in your pipe and smoke it */
@@ -531,7 +552,7 @@
 			memset(up, 0, 20); /* SHA1 specific */
 			free(up);
 
-			(void)sprintf(skeyprompt,
+			sprintf(skeyprompt,
 				      "otp-%.*s %d %.*s",
 				      SKEY_MAX_HASHNAME_LEN,
 				      skey_get_algorithm(),
@@ -554,29 +575,30 @@
 			} while (--i != 0);
 			pbuf[12] = '\0';
 
-			(void)sprintf(skeyprompt, "otp-%.*s %d %.*s",
+			sprintf(skeyprompt, "otp-%.*s %d %.*s",
 				      SKEY_MAX_HASHNAME_LEN,
 				      skey_get_algorithm(),
 				      99, SKEY_MAX_SEED_LEN, pbuf);
 		}
 	}
+#endif
 
-	(void)fprintf(stderr, "%s\n", skeyprompt);
-	(void)fflush(stderr);
+	fprintf(stderr, "[%s]\n", skeyprompt);
+	fflush(stderr);
 
-	(void)fputs("Response: ", stderr);
+	fputs("Response: ", stderr);
 	readskey(pbuf, sizeof(pbuf));
 
 	/* Is it a valid response? */
 	if (i == 0 && skeyverify(&skey, pbuf) == 0) {
 		if (skey.n < 5) {
-			(void)fprintf(stderr,
+			fprintf(stderr,
 			    "\nWarning! Key initialization needed soon.  (%d logins left)\n",
 			    skey.n);
 		}
-		return(0);
+		return 0;
 	}
-	return(-1);
+	return -1;
 }
 
 /* Comment out user's entry in the s/key database
@@ -587,22 +609,21 @@
  *
  * The database file is always closed by this call.
  */
-int
-skeyzero(mp, response)
-	struct skey *mp;
-	char *response;
+int skeyzero(struct skey *mp, char *response)
 {
 	/*
 	 * Seek to the right place and write comment character
 	 * which effectively zero's out the entry.
 	 */
-	(void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
+	fseek(mp->keyfile, mp->recstart, SEEK_SET);
 	if (fputc('#', mp->keyfile) == EOF) {
 		fclose(mp->keyfile);
-		return(-1);
+		mp->keyfile = NULL;
+		return -1;
 	}
 
-	(void)fclose(mp->keyfile);
+	fclose(mp->keyfile);
+	mp->keyfile = NULL;
 	
-	return(0);
+	return 0;
 }
diff -ruN skey-1.1.5.orig/skeyprune.8 skey-1.1.5/skeyprune.8
--- skey-1.1.5.orig/skeyprune.8	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyprune.8	2003-11-06 17:46:45.000000000 +0000
@@ -13,7 +13,7 @@
 .Sh DESCRIPTION
 .Nm skeyprune
 searches through the file
-.Dq Pa /etc/skeykeys
+.Dq Pa /etc/skey/skeykeys
 and prunes out users who have zeroed their entries via
 .Xr skeyinit 1
 as well as entries that have not been modified in
@@ -22,8 +22,8 @@
 .Ar days
 is not specified only commented out entries are pruned.
 .Sh FILES
-.Bl -tag -width /etc/skeykeys -compact
-.It Pa /etc/skeykeys
+.Bl -tag -width /etc/skey/skeykeys -compact
+.It Pa /etc/skey/skeykeys
 S/Key key information database
 .El
 .Sh SEE ALSO
@@ -33,7 +33,7 @@
 Since
 .Nm skeyprune
 rewrites
-.Dq Pa /etc/skeykeys ,
+.Dq Pa /etc/skey/skeykeys ,
 there is a window where S/Key changes could get lost.
 It is therefore suggested that
 .Nm skeyprune
diff -ruN skey-1.1.5.orig/skeysubr.c skey-1.1.5/skeysubr.c
--- skey-1.1.5.orig/skeysubr.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeysubr.c	2003-11-06 17:46:45.000000000 +0000
@@ -40,30 +40,26 @@
 #else
 #include "sha1.h"
 #endif
-#ifdef HAVE_RMD160_H
-#include <rmd160.h>
-#else
-#include "rmd160.h"
-#endif
 
 #include "skey.h"
 
 /* Default hash function to use (index into skey_hash_types array) */
 #ifndef SKEY_HASH_DEFAULT
-#define SKEY_HASH_DEFAULT	1
+#define SKEY_HASH_DEFAULT	0	/*MD4*/
 #endif
 
-static void f_md4 __P((char *x));
-static void f_md5 __P((char *x));
-static void f_sha1 __P((char *x));
-static void f_rmd160 __P((char *x));
-static int keycrunch_md4 __P((char *result, char *seed, char *passwd));
-static int keycrunch_md5 __P((char *result, char *seed, char *passwd));
-static int keycrunch_sha1 __P((char *result, char *seed, char *passwd));
-static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd));
-static void lowcase __P((char *s));
-static void skey_echo __P((int action));
-static void trapped __P((int sig));
+static void f_md4 __P((char *));
+static void f_md5 __P((char *));
+static void f_sha1 __P((char *));
+/* static void f_rmd160 __P((char *x)); */
+static int keycrunch_md4 __P((char *, const char *, const char *));
+static int keycrunch_md5 __P((char *, const char *, const char *));
+static int keycrunch_sha1 __P((char *, const char *, const char *));
+/* static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); */
+static void lowcase __P((char *));
+static void skey_echo __P((int));
+static void trapped __P((int));
+static char *mkseedpassword(const char *, const char *, size_t *);
 
 /* Current hash type (index into skey_hash_types array) */
 static int skey_hash_type = SKEY_HASH_DEFAULT;
@@ -72,17 +68,16 @@
  * Hash types we support.
  * Each has an associated keycrunch() and f() function.
  */
-#define SKEY_ALGORITH_LAST	4
 struct skey_algorithm_table {
 	const char *name;
-	int (*keycrunch) (char *, char *, char *);
-	void (*f) (char *);
+	int (*keycrunch) __P((char *, const char *, const char *));
+	void (*f) __P((char *));
 };
 static struct skey_algorithm_table skey_algorithm_table[] = {
 	{ "md4", keycrunch_md4, f_md4 },
 	{ "md5", keycrunch_md5, f_md5 },
 	{ "sha1", keycrunch_sha1, f_sha1 },
-	{ "rmd160", keycrunch_rmd160, f_rmd160 }
+	{ NULL }
 };
 
 
@@ -91,242 +86,172 @@
  * concatenate the seed and the password, run through MD4/5 and
  * collapse to 64 bits. This is defined as the user's starting key.
  */
-int
-keycrunch(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
+int keycrunch(char *result, const char *seed, const char *passwd)
 {
 	return(skey_algorithm_table[skey_hash_type].keycrunch(result, seed, passwd));
 }
 
-static int
-keycrunch_md4(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
+static char *mkseedpassword(const char *seed, const char *passwd, size_t *buflen)
 {
 	char *buf;
-	MD4_CTX md;
-	u_int32_t results[4];
-	unsigned int buflen;
 
-	buflen = strlen(seed) + strlen(passwd);
-	if ((buf = (char *)malloc(buflen+1)) == NULL)
-		return(-1);
-	(void)strcpy(buf, seed);
+	*buflen = strlen(seed) + strlen(passwd);
+	if ((buf = (char *) malloc(*buflen + 1)) == NULL)
+		return NULL;
+	strcpy(buf, seed);
 	lowcase(buf);
-	(void)strcat(buf, passwd);
+	strcat(buf, passwd);
+	sevenbit(buf);
+
+	return buf;
+}
 
+static int keycrunch_md4(char *result, const char *seed, const char *passwd)
+{
+	char *buf;
+	MD4_CTX md;
+	size_t buflen;
+	u_int32_t results[4];
+
+	if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
+		return -1;
+	
 	/* Crunch the key through MD4 */
-	sevenbit(buf);
 	MD4Init(&md);
 	MD4Update(&md, (unsigned char *)buf, buflen);
-	MD4Final((unsigned char *)results, &md);
-	(void)free(buf);
+	MD4Final((unsigned char *) (void *) results, &md);
+	free(buf);
 
 	/* Fold result from 128 to 64 bits */
 	results[0] ^= results[2];
 	results[1] ^= results[3];
 
-	(void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+	memcpy(result, results, SKEY_BINKEY_SIZE);
 
-	return(0);
+	return 0;
 }
 
-static int
-keycrunch_md5(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
+static int keycrunch_md5(char *result, const char *seed, const char *passwd)
 {
 	char *buf;
 	MD5_CTX md;
 	u_int32_t results[4];
-	unsigned int buflen;
+	size_t buflen;
 
-	buflen = strlen(seed) + strlen(passwd);
-	if ((buf = (char *)malloc(buflen+1)) == NULL)
-		return(-1);
-	(void)strcpy(buf, seed);
-	lowcase(buf);
-	(void)strcat(buf, passwd);
+	if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
+		return -1;
 
 	/* Crunch the key through MD5 */
-	sevenbit(buf);
 	MD5Init(&md);
 	MD5Update(&md, (unsigned char *)buf, buflen);
-	MD5Final((unsigned char *)results, &md);
-	(void)free(buf);
+	MD5Final((unsigned char *) (void *)results, &md);
+	free(buf);
 
 	/* Fold result from 128 to 64 bits */
 	results[0] ^= results[2];
 	results[1] ^= results[3];
 
-	(void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+	memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
 
 	return(0);
 }
 
-static int
-keycrunch_sha1(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
+static int keycrunch_sha1(char *result, const char *seed, const char *passwd)
 {
 	char *buf;
 	SHA1_CTX sha;
-	u_int32_t results[5];
-	unsigned int buflen;
-
-	buflen = strlen(seed) + strlen(passwd);
-	if ((buf = (char *)malloc(buflen+1)) == NULL)
-		return(-1);
-	(void)strcpy(buf, seed);
-	lowcase(buf);
-	(void)strcat(buf, passwd);
+	size_t buflen;
+	int i, j;
 
+	if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
+		return -1;
+	
 	/* Crunch the key through SHA1 */
-	sevenbit(buf);
 	SHA1Init(&sha);
 	SHA1Update(&sha, (unsigned char *)buf, buflen);
-	SHA1Final((unsigned char *)results, &sha);
-	(void)free(buf);
+	SHA1Final(NULL, &sha);
+	free(buf);
 
 	/* Fold 160 to 64 bits */
-	results[0] ^= results[2];
-	results[1] ^= results[3];
-	results[0] ^= results[4];
-
-	(void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
-
-	return(0);
-}
-
-static int
-keycrunch_rmd160(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
-{
-	char *buf;
-	RMD160_CTX rmd;
-	u_int32_t results[5];
-	unsigned int buflen;
-
-	buflen = strlen(seed) + strlen(passwd);
-	if ((buf = (char *)malloc(buflen+1)) == NULL)
-		return(-1);
-	(void)strcpy(buf, seed);
-	lowcase(buf);
-	(void)strcat(buf, passwd);
-
-	/* Crunch the key through RMD-160 */
-	sevenbit(buf);
-	RMD160Init(&rmd);
-	RMD160Update(&rmd, (unsigned char *)buf, buflen);
-	RMD160Final((unsigned char *)results, &rmd);
-	(void)free(buf);
-
-	/* Fold 160 to 64 bits */
-	results[0] ^= results[2];
-	results[1] ^= results[3];
-	results[0] ^= results[4];
-
-	(void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+	sha.state[0] ^= sha.state[2];
+	sha.state[1] ^= sha.state[3];
+	sha.state[0] ^= sha.state[4];
+
+	for (i=j=0; j<8; i++, j+=4) {
+		result[j] = (unsigned char)(sha.state[i] & 0xff);
+		result[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff);
+		result[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff);
+		result[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff);
+	}
 
-	return(0);
+	return 0;
 }
 
 /*
  * The one-way function f().
  * Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place.
  */
-void
-f(x)
-	char *x;
+void f(char *x)
 {
 	skey_algorithm_table[skey_hash_type].f(x);
 }
 
-static void
-f_md4(x)
-	char *x;
+static void f_md4(char *x)
 {
 	MD4_CTX md;
 	u_int32_t results[4];
 
 	MD4Init(&md);
 	MD4Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
-	MD4Final((unsigned char *)results, &md);
+	MD4Final((unsigned char *) (void *) results, &md);
 
 	/* Fold 128 to 64 bits */
 	results[0] ^= results[2];
 	results[1] ^= results[3];
 
-	(void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+	memcpy(x, results, SKEY_BINKEY_SIZE);
 }
 
-static void
-f_md5(x)
-	char *x;
+static void f_md5(char *x)
 {
 	MD5_CTX md;
 	u_int32_t results[4];
 
 	MD5Init(&md);
 	MD5Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
-	MD5Final((unsigned char *)results, &md);
+	MD5Final((unsigned char *) (void *) results, &md);
 
 	/* Fold 128 to 64 bits */
 	results[0] ^= results[2];
 	results[1] ^= results[3];
 
-	(void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+	memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
 }
 
-static void
-f_sha1(x)
-	char *x;
+static void f_sha1(char *x)
 {
 	SHA1_CTX sha;
-	u_int32_t results[5];
+	int i, j;
 
 	SHA1Init(&sha);
 	SHA1Update(&sha, (unsigned char *)x, SKEY_BINKEY_SIZE);
-	SHA1Final((unsigned char *)results, &sha);
+	SHA1Final(NULL, &sha);
 
 	/* Fold 160 to 64 bits */
-	results[0] ^= results[2];
-	results[1] ^= results[3];
-	results[0] ^= results[4];
-
-	(void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
-}
-
-static void
-f_rmd160(x)
-	char *x;
-{
-	RMD160_CTX rmd;
-	u_int32_t results[5];
-
-	RMD160Init(&rmd);
-	RMD160Update(&rmd, (unsigned char *)x, SKEY_BINKEY_SIZE);
-	RMD160Final((unsigned char *)results, &rmd);
-
-	/* Fold 160 to 64 bits */
-	results[0] ^= results[2];
-	results[1] ^= results[3];
-	results[0] ^= results[4];
-
-	(void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+	sha.state[0] ^= sha.state[2];
+	sha.state[1] ^= sha.state[3];
+	sha.state[0] ^= sha.state[4];
+
+	for (i=j=0; j<8; i++, j+=4) {
+		x[j]	= (unsigned char)(sha.state[i] & 0xff);
+		x[j+1]	= (unsigned char)((sha.state[i] >> 8) & 0xff);
+		x[j+2]	= (unsigned char)((sha.state[i] >> 16) & 0xff);
+		x[j+3]	= (unsigned char)((sha.state[i] >> 24) & 0xff);
+	}
 }
 
 /* Strip trailing cr/lf from a line of text */
-void
-rip(buf)
-	char *buf;
+void rip(char *buf)
 {
 	buf += strcspn(buf, "\r\n");
 
@@ -335,12 +260,9 @@
 }
 
 /* Read in secret password (turns off echo) */
-char *
-readpass(buf, n)
-	char *buf;
-	int n;
+char *readpass(char *buf, int n)
 {
-	void (*old_handler) ();
+	void *old_handler;
 
 	/* Turn off echoing */
 	skey_echo(0);
@@ -348,131 +270,114 @@
 	/* Catch SIGINT and save old signal handler */
 	old_handler = signal(SIGINT, trapped);
 
-	(void)fgets(buf, n, stdin);
+	fgets(buf, n, stdin);
 	rip(buf);
 
-	(void)putc('\n', stderr);
-	(void)fflush(stderr);
+	putc('\n', stderr);
+	fflush(stderr);
 
 	/* Restore signal handler and turn echo back on */
 	if (old_handler != SIG_ERR)
-		(void)signal(SIGINT, old_handler);
+		signal(SIGINT, old_handler);
 	skey_echo(1);
 
 	sevenbit(buf);
 
-	return(buf);
+	return buf;
 }
 
 /* Read in an s/key OTP (does not turn off echo) */
-char *
-readskey(buf, n)
-	char *buf;
-	int n;
+char *readskey(char *buf, int n)
 {
-	(void)fgets(buf, n, stdin);
+	fgets(buf, n, stdin);
 	rip(buf);
 
 	sevenbit(buf);
 
-	return(buf);
+	return buf;
 }
 
 /* Signal handler for trapping ^C */
-static void
-trapped(sig)
-	int sig;
+static void trapped(int sig)
 {
-	(void)fputs("^C\n", stderr);
-	(void)fflush(stderr);
+	fputs("^C\n", stderr);
+	fflush(stderr);
 
-	/* Turn on echo if necesary */
+	/* Turn on echo if necemassary */
 	skey_echo(1);
 
-	exit(-1);
+	exit(1);
 }
 
 /*
  * Convert 8-byte hex-ascii string to binary array
  * Returns 0 on success, -1 on error
  */
-int
-atob8(out, in)
-	register char *out;
-	register char *in;
+int atob8(char *out, const char *in)
 {
-	register int i;
-	register int val;
+	int i;
+	int val;
 
 	if (in == NULL || out == NULL)
-		return(-1);
+		return -1;
 
 	for (i=0; i < 8; i++) {
 		if ((in = skipspace(in)) == NULL)
-			return(-1);
+			return -1;
 		if ((val = htoi(*in++)) == -1)
-			return(-1);
+			return -1;
 		*out = val << 4;
 
 		if ((in = skipspace(in)) == NULL)
-			return(-1);
+			return -1;
 		if ((val = htoi(*in++)) == -1)
-			return(-1);
+			return -1;
 		*out++ |= val;
 	}
-	return(0);
+	return 0;
 }
 
 /* Convert 8-byte binary array to hex-ascii string */
-int
-btoa8(out, in)
-	register char *out;
-	register char *in;
+int btoa8(char *out, const char *in)
 {
-	register int i;
+	int i;
 
 	if (in == NULL || out == NULL)
-		return(-1);
+		return -1;
 
 	for (i=0; i < 8; i++) {
-		(void)sprintf(out, "%02x", *in++ & 0xff);
+		sprintf(out, "%02x", *in++ & 0xff);
 		out += 2;
 	}
-	return(0);
+	return 0;
 }
 
 /* Convert hex digit to binary integer */
-int
-htoi(c)
-	register int c;
+int htoi(int c)
 {
 	if ('0' <= c && c <= '9')
-		return(c - '0');
+		return c - '0';
 	if ('a' <= c && c <= 'f')
-		return(10 + c - 'a');
+		return 10 + c - 'a';
 	if ('A' <= c && c <= 'F')
-		return(10 + c - 'A');
-	return(-1);
+		return 10 + c - 'A';
+	return -1;
 }
 
 /* Skip leading spaces from the string */
-char *
-skipspace(cp)
-	register char *cp;
+const char *skipspace(const char *cp)
 {
 	while (*cp == ' ' || *cp == '\t')
 		cp++;
 
 	if (*cp == '\0')
-		return(NULL);
+		return NULL;
 	else
-		return(cp);
+		return cp;
 }
 
 /* Remove backspaced over characters from the string */
-void
-backspace(buf)
-	char *buf;
+void backspace(char *buf)
 {
 	char bs = 0x8;
 	char *cp = buf;
@@ -496,77 +401,68 @@
 }
 
 /* Make sure line is all seven bits */
-void
-sevenbit(s)
-	char *s;
+void sevenbit(char *s)
 {
 	while (*s)
 		*s++ &= 0x7f;
 }
 
 /* Set hash algorithm type */
-char *
-skey_set_algorithm(new)
-	char *new;
+const char *skey_set_algorithm(const char *new)
 {
 	int i;
 
-	for (i = 0; i < SKEY_ALGORITH_LAST; i++) {
+	for (i = 0; skey_algorithm_table[i].name; i++) {
 		if (strcmp(new, skey_algorithm_table[i].name) == 0) {
 			skey_hash_type = i;
-			return(new);
+			return new;
 		}
 	}
 
-	return(NULL);
+	return NULL;
 }
 
 /* Get current hash type */
-const char *
-skey_get_algorithm()
+const char *skey_get_algorithm()
 {
 	return(skey_algorithm_table[skey_hash_type].name);
 }
 
 /* Turn echo on/off */
-static void
-skey_echo(action)
-	int action;
+static void skey_echo(int action)
 {
 	static struct termios term;
 	static int echo = 0;
 
 	if (action == 0) {
 		/* Turn echo off */
-		(void) tcgetattr(fileno(stdin), &term);
+		tcgetattr(fileno(stdin), &term);
 		if ((echo = (term.c_lflag & ECHO))) {
 			term.c_lflag &= ~ECHO;
 #ifdef TCSASOFT
-			(void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
+			tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
 #else
-			(void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
+			tcsetattr(fileno(stdin), TCSAFLUSH, &term);
 #endif
 		}
 	} else if (action && echo) {
 		/* Turn echo on */
 		term.c_lflag |= ECHO;
 #ifdef TCSASOFT
-		(void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
+		tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
 #else
-		(void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
+		tcsetattr(fileno(stdin), TCSAFLUSH, &term);
 #endif	       
 		echo = 0;
 	}
 }
 
 /* Convert string to lower case */
-static void
-lowcase(s)
-	char *s;
+static void lowcase(char *s)
 {
-	char *p;
+	u_char *p;
 
-	for (p = s; *p; p++)
+	for (p = (u_char *) s; *p; p++)
 		if (isupper(*p))
 			*p = tolower(*p);
 }
diff -ruN skey-1.1.5.orig/strlcpy.c skey-1.1.5/strlcpy.c
--- skey-1.1.5.orig/strlcpy.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/strlcpy.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,72 +0,0 @@
-/*	$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $	*/
-
-/*
- * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "config.h"
-#ifndef HAVE_STRLCPY
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/types.h>
-#include <string.h>
-
-/*
- * Copy src to string dst of size siz.  At most siz-1 characters
- * will be copied.  Always NUL terminates (unless siz == 0).
- * Returns strlen(src); if retval >= siz, truncation occurred.
- */
-size_t strlcpy(dst, src, siz)
-	char *dst;
-	const char *src;
-	size_t siz;
-{
-	register char *d = dst;
-	register const char *s = src;
-	register size_t n = siz;
-
-	/* Copy as many bytes as will fit */
-	if (n != 0 && --n != 0) {
-		do {
-			if ((*d++ = *s++) == 0)
-				break;
-		} while (--n != 0);
-	}
-
-	/* Not enough room in dst, add NUL and traverse rest of src */
-	if (n == 0) {
-		if (siz != 0)
-			*d = '\0';		/* NUL-terminate dst */
-		while (*s++)
-			;
-	}
-
-	return(s - src - 1);	/* count does not include NUL */
-}
-
-#endif
